Mounting a device with permissions for all users
How do I mount a device in Ubuntu 10.04 so that all users can read and write? I can only get it mounted with permissions for root (drwx------). The 'user' option in fstab does not work.
Here is my fstab entry:
device /mnt/device vboxsf rw 0 0
> vboxsf
It differs from one file system to another (for some there is no such capability at all). Read man mount.vboxsf
all the masks work only for root
The generic mount options (documented in the mount manual page) apply also. Especially useful are the options uid, gid and mode, as they allow access by normal users (in read/write mode, depending on the settings) even if root has mounted the filesystem.
Try removing "defaults" and adding dmode=777,fmode=666. If that does not work, add uid=0. If it still does not work after that, set uid=1000 (make the first "real" user the owner).
If my memory serves me, the 'user' option works only if the device is mounted into a directory the user controls, for example $HOME/mnt
I added "dmode=777,fmode=666" and everything worked. Thank you!
But there is one problem:
When GNOME loads, a message appears on the screen:
«An error occured while mounting /mnt/device
Press S to skip mounting or M for manual recovery»
I press S to skip, log in as my user, and the mounted partition works properly (well, that is what I think; maybe something is wrong with it).
If I then type in a console in GNOME
«umount /mnt/device
mount /mnt/device»
no errors show up during mounting.
This may be because the virtualbox module is loaded later than the local file systems are mounted. Show /etc/fstab and the output of lsmod.
# /etc/fstab: static file system information.
#
# Use ‘blkid -o value -s UUID’ to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
#
proc /proc proc nodev,noexec,nosuid 0 0
# / was on /dev/sda1 during installation
UUID=029cf09c-c8f2-44f8-aec3-d93a26aeca29 / ext4 errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=c943b6f6-48a7-4905-8200-3fc4564b623f none swap sw 0 0
windata /mnt/WINDATA vboxsf dmode=777,fmode=666 0 0
# /etc/fstab: static file system information.
#
# Use ‘blkid -o value -s UUID’ to print the universally unique identifier
# for a device; this may be used with UUID= as a more robust way to name
# devices that works even if disks are added and removed. See fstab(5).
#
#
proc /proc proc nodev,noexec,nosuid 0 0
# / was on /dev/sda1 during installation
UUID=029cf09c-c8f2-44f8-aec3-d93a26aeca29 / ext4 errors=remount-ro 0 1
# swap was on /dev/sda5 during installation
UUID=c943b6f6-48a7-4905-8200-3fc4564b623f none swap sw 0 0
windata /mnt/WINDATA vboxsf dmode=777,fmode=666 0 0
> `lsmod`
That is not the output of lsmod.
Module Size Used by
binfmt_misc 6587 1
vboxvfs 32507 1
vboxvideo 1196 1
drm 162471 2 vboxvideo
agpgart 31724 1 drm
fbcon 35102 72
tileblit 2031 1 fbcon
ppdev 5259 0
font 7557 1 fbcon
bitblit 4707 1 fbcon
softcursor 1189 1 bitblit
parport_pc 25962 0
psmouse 63245 0
serio_raw 3978 0
i2c_piix4 8335 0
vboxguest 138999 9 vboxvfs
vga16fb 11385 1
vgastate 8961 1 vga16fb
lp 7028 0
parport 32635 3 ppdev,parport_pc,lp
pcnet32 28890 0
Aha. And the contents of /etc/modules too, please.
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with «#» are ignored.
Excellent. Append vboxvfs to the end and try to boot.
The message still appears at boot:
«An error occured while mounting /mnt/device
Press S to skip mounting or M for manual recovery
And what if you press M and enter mount -a (and then Ctrl+D to continue booting)?
I get this message in the console:
/sbin/mount.vboxsf: mounting failed with the error: No such file or directory
As I understand it, the mounting program cannot find the shared pseudo-device that the virtual machine created.
ls -l /sbin/mount.vboxsf? If it says there is no such file or directory, run: sudo ln -s $(which mountvboxsf) /sbin/mount.vboxsf
ls -l /sbin/mount.vboxsf
lrwxrwxrwx 1 root root 40 2010-09-12 14:18 /sbin/mount.vboxsf -> /usr/lib/VBoxGuestAdditions/mount.vboxsf
Would the option of "adding the noauto option and mounting manually (by clicking the icon) after logging in" be applicable?
I did not quite understand what you mean. I did not get a suggestion of such an option from the system. The partition gets mounted anyway, despite the error message.
I mean adding noauto, separated by a comma, in addition to "dmode=777,fmode=666". Then the FS will not be mounted at system startup.
I will probably do just that. Thanks for working on my question!
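The dmode=777,fmode=666 entry that the thread settles on gives every local account write access to the shared folder. As an added example (not from the thread), this sh script flags fstab options that leave the "other" write bit on; it goes beyond the thread by also checking mode= and the umask=/dmask=/fmask= masks, and the sample fstab, including its uid/gid-restricted line, is constructed.

```sh
#!/bin/sh
# Added example: report fstab options that leave the "other" write bit on.

# world_writable_opts OPTS
# Print every mode-style option in a comma-separated list that lets "other"
# write. dmode=/fmode=/mode= are permissions (flag if the last octal digit has
# the write bit, 2); umask=/dmask=/fmask= are masks (flag if that bit is NOT
# masked off). The body runs in a subshell so the IFS change does not leak.
world_writable_opts() (
    IFS=,
    set -f          # no pathname expansion while splitting
    set -- $1       # split the option list on commas
    for opt in "$@"; do
        case $opt in
            dmode=*|fmode=*|mode=*)  kind=perm ;;
            umask=*|dmask=*|fmask=*) kind=mask ;;
            *) continue ;;
        esac
        val=${opt#*=}
        case $val in ''|*[!0-7]*) continue ;; esac   # octal values only
        last=${val#"${val%?}"}                        # digit that applies to "other"
        case $kind:$last in
            perm:[2367]|mask:[0145]) printf '%s\n' "$opt" ;;
        esac
    done
)

# audit_fstab
# Read fstab-format text on stdin and print "dir fstype option" per finding.
audit_fstab() {
    while read -r dev dir fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac        # blank line or comment
        for hit in $(world_writable_opts "$opts"); do
            printf '%s %s %s\n' "$dir" "$fstype" "$hit"
        done
    done
}

# Constructed sample: the first windata line is the entry from the thread,
# the other lines are made up for the comparison.
sample_fstab() {
    cat <<'EOF'
# constructed sample fstab
proc /proc proc nodev,noexec,nosuid 0 0
windata /mnt/WINDATA vboxsf dmode=777,fmode=666 0 0
windata /mnt/WINDATA-restricted vboxsf uid=1000,gid=1000,dmode=770,fmode=660,noauto 0 0
/dev/sdb1 /mnt/usb vfat umask=000,noauto 0 0
EOF
}

sample_fstab | audit_fstab
```

The restricted line uses the uid, gid and mode options quoted from the manual earlier in the thread, so only the owning user and group get write access.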
Mounting volume/partition with permissions for user
A volume intended for use by my user was created at OS installation with root ownership and my user lacks write permissions.
Some solutions I’ve read about include:
- changing ownership of the mount point with chown
- adding group write permissions with chmod
- adding user or users mount option in /etc/fstab.
What is the best practice for this situation, and what are the implications of each approach?
1 Answer
If it’s in /etc/fstab then it will mount at boot. As only root has write permissions then you’ll need to modify it so that the user has those permissions. The best way is:
If the root group has write permission as well and you want another group to have it then you can use:
If the root group doesn’t have write access, then you can use chmod next:
That will give write permission to the group if it’s not there and read and execute to everyone else. You can modify the 775 to give whatever permissions you want to everyone else as that will be specified by the third number.
To better cover what you asked in your comment below:
You can add the user option to /etc/fstab but that only allows the file system to be mounted by any user. It won’t change the permissions on the file system which is why you need chown and/or chmod. You can go ahead and add the user option so that a regular user without sudo can mount it should it be unmounted.
For practicality, the best option here is chown as it gives the user the needed permissions instantly. The chmod command can be used afterwards if the permissions need to be modified for others.
SYNOPSIS
The standard form of the mount command is:
mount -t type device dir
This tells the kernel to attach the filesystem found on device (which is of type type) at the directory dir. The option -t type is optional. The mount command is usually able to detect a filesystem. The root permissions are necessary to mount a filesystem by default. See section «Non-superuser mounts» below for more details. The previous contents (if any) and owner and mode of dir become invisible, and as long as this filesystem remains mounted, the pathname dir refers to the root of the filesystem on device.
If only the directory or the device is given, for example:
then mount looks for a mountpoint (and if not found then for a device) in the /etc/fstab file. It’s possible to use the --target or --source options to avoid ambiguous interpretation of the given argument. For example:
mount --target /mountpoint
The same filesystem may be mounted more than once, and in some cases (e.g., network filesystems) the same filesystem may be mounted on the same mountpoint multiple times. The mount command does not implement any policy to control this behavior. All behavior is controlled by the kernel and it is usually specific to the filesystem driver. The exception is --all, in this case already mounted filesystems are ignored (see --all below for more details).
Listing the mounts
For more robust and customizable output use findmnt(8), especially in your scripts. Note that control characters in the mountpoint name are replaced with ‘?’.
The following command lists all mounted filesystems (of type type):
The option -l adds labels to this listing. See below.
Indicating the device and filesystem
The device names of disk partitions are unstable; hardware reconfiguration, and adding or removing a device can cause changes in names. This is the reason why it’s strongly recommended to use filesystem or partition identifiers like UUID or LABEL. Currently supported identifiers (tags):
Note that mount uses UUIDs as strings. The UUIDs from the command line or from fstab(5) are not converted to internal binary representation. The string representation of the UUID should be based on lower case characters.
The command lsblk --fs provides an overview of filesystems, LABELs and UUIDs on available block devices. The command blkid -p provides details about a filesystem on the specified device.
Don’t forget that there is no guarantee that UUIDs and labels are really unique, especially if you move, share or copy the device. Use lsblk -o +UUID,PARTUUID to verify that the UUIDs are really unique in your system.
The recommended setup is to use tags (e.g. UUID=uuid) rather than /dev/disk/by- udev symlinks in the /etc/fstab file. Tags are more readable, robust and portable. The mount(8) command internally uses udev symlinks, so the use of symlinks in /etc/fstab has no advantage over tags. For more details see libblkid(3).
The proc filesystem is not associated with a special device, and when mounting it, an arbitrary keyword — for example, proc — can be used instead of a device specification. (The customary choice none is less fortunate: the error message ‘none already mounted’ from mount can be confusing.)
The files /etc/fstab, /etc/mtab and /proc/mounts
(usually given in a bootscript) causes all filesystems mentioned in fstab (of the proper type and/or having or not having the proper options) to be mounted as indicated, except for those whose line contains the noauto keyword. Adding the -F option will make mount fork, so that the filesystems are mounted in parallel.
When mounting a filesystem mentioned in fstab or mtab, it suffices to specify on the command line only the device, or only the mount point.
The programs mount and umount(8) traditionally maintained a list of currently mounted filesystems in the file /etc/mtab. The support for regular classic /etc/mtab is completely disabled at compile time by default, because on current Linux systems it is better to make /etc/mtab a symlink to /proc/mounts instead. The regular mtab file maintained in userspace cannot reliably work with namespaces, containers and other advanced Linux features. If the regular mtab support is enabled, then it’s possible to use the file as well as the symlink.
If no arguments are given to mount, the list of mounted filesystems is printed.
If you want to override mount options from /etc/fstab, you have to use the -o option:
and then the mount options from the command line will be appended to the list of options from /etc/fstab. This default behaviour can be changed using the --options-mode command-line option. The usual behavior is that the last option wins if there are conflicting ones.
The mount program does not read the /etc/fstab file if both device (or LABEL, UUID, ID, PARTUUID or PARTLABEL) and dir are specified. For example, to mount device foo at /dir:
This default behaviour can be changed by using the --options-source-force command-line option to always read configuration from fstab. For non-root users mount always reads the fstab configuration.
Non-superuser mounts
Thus, given a line
/dev/cdrom /cd iso9660 ro,user,noauto,unhide
any user can mount the iso9660 filesystem found on an inserted CDROM using the command:
Note that mount is very strict about non-root users and all paths specified on command line are verified before fstab is parsed or a helper program is executed. It’s strongly recommended to use a valid mountpoint to specify filesystem, otherwise mount may fail. For example it’s a bad idea to use NFS or CIFS source on command line.
Since util-linux 2.35, mount does not exit when user permissions are inadequate according to libmount’s internal security rules. Instead, it drops suid permissions and continues as regular non-root user. This behavior supports use-cases where root permissions are not necessary (e.g., fuse filesystems, user namespaces, etc).
For more details, see fstab(5). Only the user that mounted a filesystem can unmount it again. If any user should be able to unmount it, then use users instead of user in the fstab line. The owner option is similar to the user option, with the restriction that the user must be the owner of the special file. This may be useful e.g. for /dev/fd if a login script makes the console user owner of this device. The group option is similar, with the restriction that the user must be a member of the group of the special file.
Bind mount operation
or by using this fstab entry:
After this call the same contents are accessible in two places.
It is important to understand that «bind» does not create any second-class or special node in the kernel VFS. The «bind» is just another operation to attach a filesystem. There is nowhere stored information that the filesystem has been attached by a «bind» operation. The olddir and newdir are independent and the olddir may be unmounted.
One can also remount a single file (on a single file). It’s also possible to use a bind mount to create a mountpoint from a regular directory, for example:
mount --bind foo foo
The bind mount call attaches only (part of) a single filesystem, not possible submounts. The entire file hierarchy including submounts can be attached a second place by using:
mount --rbind olddir newdir
Note that the filesystem mount options maintained by the kernel will remain the same as those on the original mount point. The userspace mount options (e.g., _netdev) will not be copied by mount and it’s necessary to explicitly specify the options on the mount command line.
Since util-linux 2.27 mount permits changing the mount options by passing the relevant options along with --bind. For example:
mount -o bind,ro foo foo
This feature is not supported by the Linux kernel; it is implemented in userspace by an additional mount(2) remounting system call. This solution is not atomic.
The alternative (classic) way to create a read-only bind mount is to use the remount operation, for example:
mount --bind olddir newdir
mount -o remount,bind,ro olddir newdir
Note that a read-only bind will create a read-only mountpoint (VFS entry), but the original filesystem superblock will still be writable, meaning that the olddir will be writable, but the newdir will be read-only.
It’s also possible to change nosuid, nodev, noexec, noatime, nodiratime and relatime VFS entry flags via a «remount,bind» operation. The other flags (for example filesystem-specific flags) are silently ignored. It’s impossible to change mount options recursively (for example with -o rbind,ro).
Since util-linux 2.31, mount ignores the bind flag from /etc/fstab on a remount operation (if «-o remount» is specified on command line). This is necessary to fully control mount options on remount by command line. In previous versions the bind flag has been always applied and it was impossible to re-define mount options without interaction with the bind semantic. This mount behavior does not affect situations when «remount,bind» is specified in the /etc/fstab file.
The move operation
This will cause the contents which previously appeared under olddir to now be accessible under newdir. The physical location of the files is not changed. Note that olddir has to be a mountpoint.
Note also that moving a mount residing under a shared mount is invalid and unsupported. Use findmnt -o TARGET,PROPAGATION to see the current propagation flags.
Shared subtree operations
Supported operations are:
The following commands allow one to recursively change the type of all the mounts under a given mountpoint.
mount(8) does not read fstab(5) when a --make-* operation is requested. All necessary information has to be specified on the command line.
Note that the Linux kernel does not allow changing multiple propagation flags with a single mount(2) system call, and the flags cannot be mixed with other mount options and operations.
Since util-linux 2.23 the mount command can be used to do more propagation (topology) changes by one mount(8) call and do it also together with other mount operations. The propagation flags are applied by additional mount(2) system calls when the preceding mount operations were successful. Note that this use case is not atomic. It is possible to specify the propagation flags in fstab(5) as mount options (private, slave, shared, unbindable, rprivate, rslave, rshared, runbindable).
COMMAND-LINE OPTIONS
The mount command does not pass all command-line options to the /sbin/mount.suffix mount helpers. The interface between mount and the mount helpers is described below in the section EXTERNAL HELPERS.
Command-line options available for the mount command are:
The option --all is possible to use for remount operation too. In this case all filters (-t and -O) are applied to the table of already mounted filesystems.
Since version 2.35 it is possible to use the command line option -o to alter mount options from fstab (see also --options-mode).
Note that it is a bad practice to use mount -a for fstab checking. The recommended solution is findmnt --verify.
Note that mount does not pass this option to the /sbin/mount.type helpers.
mount switches to the mount namespace when it reads /etc/fstab, writes /etc/mtab (or writes to /run/mount) and calls the mount(2) system call, otherwise it runs in the original mount namespace. This means that the target namespace does not have to contain any libraries or other requirements necessary to execute the mount(2) call.
See mount_namespaces(7) for more information.
mount -a -O no_netdev
mounts all filesystems except those which have the option _netdev specified in the options field in the /etc/fstab file.
It is different from -t in that each option is matched exactly; a leading no at the beginning of one option does not negate the rest.
The -t and -O options are cumulative in effect; that is, the command
mount -a -t ext2 -O _netdev
mounts all ext2 filesystems with the _netdev option, not all filesystems that are either ext2 or have the _netdev option specified.
mount LABEL=mydisk -o noatime,nodev,nosuid
For more details, see the FILESYSTEM-INDEPENDENT MOUNT OPTIONS and FILESYSTEM-SPECIFIC MOUNT OPTIONS sections.
Note that, depending on the filesystem type, state and kernel behavior, the system may still write to the device. For example, ext3 and ext4 will replay the journal if the filesystem is dirty. To prevent this kind of write access, you may want to mount an ext3 or ext4 filesystem with the ro,noload mount options or set the block device itself to read-only mode, see the blockdev(8) command.
mount --all --target-prefix /chroot -o X-mount.mkdir
mounts all from system fstab to /chroot, all missing mountpoints are created (due to X-mount.mkdir). See also --fstab to use an alternative fstab.
Note that mount does not pass the option --fstab to the /sbin/mount.type helpers, meaning that the alternative fstab files will be invisible for the helpers. This is no problem for normal mounts, but user (non-root) mounts always require fstab to verify the user’s rights.
The programs mount and umount(8) support filesystem subtypes. The subtype is defined by a ‘.subtype’ suffix. For example ‘fuse.sshfs’. It’s recommended to use subtype notation rather than add any prefix to the mount source (for example ‘sshfs#example.com’ is deprecated).
If no -t option is given, or if the auto type is specified, mount will try to guess the desired type. mount uses the libblkid(3) library for guessing the filesystem type; if that does not turn up anything that looks familiar, mount will try to read the file /etc/filesystems, or, if that does not exist, /proc/filesystems. All of the filesystem types listed there will be tried, except for those that are labeled «nodev» (e.g. devpts, proc and nfs). If /etc/filesystems ends in a line with a single *, mount will read /proc/filesystems afterwards. While trying, all filesystem types will be mounted with the mount option silent.
The auto type may be useful for user-mounted floppies. Creating a file /etc/filesystems can be useful to change the probe order (e.g., to try vfat before msdos or ext3 before ext2) or if you use a kernel module autoloader.
More than one type may be specified in a comma-separated list, for the -t option as well as in an /etc/fstab entry. The list of filesystem types for the -t option can be prefixed with no to specify the filesystem types on which no action should be taken. The prefix no has no effect when specified in an /etc/fstab entry.
The prefix no can be meaningful with the -a option. For example, the command
mount -a -t nomsdos,smbfs
mounts all filesystems except those of type msdos and smbfs.
For most types all the mount program has to do is issue a simple mount(2) system call, and no detailed knowledge of the filesystem type is required. For a few types however (like nfs, nfs4, cifs, smbfs, ncpfs) an ad hoc code is necessary. The nfs, nfs4, cifs, smbfs, and ncpfs filesystems have a separate mount program. In order to make it possible to treat all types in a uniform way, mount will execute the program /sbin/mount.type (if that exists) when called with type type. Since different versions of the smbmount program have different calling conventions, /sbin/mount.smbfs may have to be a shell script that sets up the desired call.
A synonym is -o rw.
Note that specifying -w on the command line forces mount to never try read-only mount on write-protected devices or already mounted read-only filesystems.
FILESYSTEM-INDEPENDENT MOUNT OPTIONS
Some of these options could be enabled or disabled by default in the system kernel. To check the current setting see the options in /proc/mounts. Note that filesystems also have per-filesystem specific default mount options (see for example tune2fs -l output for extN filesystems).
The following options apply to any filesystem that is being mounted (but not every filesystem actually honors them — e.g., the sync option today has an effect only for ext2, ext3, ext4, fat, vfat, ufs and xfs):
context=context, fscontext=context, defcontext=context, and rootcontext=context
A commonly used option for removable media is context="system_u:object_r:removable_t".
The fscontext= option works for all filesystems, regardless of their xattr support. The fscontext option sets the overarching filesystem label to a specific security context. This filesystem label is separate from the individual labels on the files. It represents the entire filesystem for certain kinds of permission checks, such as during mount or file creation. Individual file labels are still obtained from the xattrs on the files themselves. The context option actually sets the aggregate context that fscontext provides, in addition to supplying the same label for individual files.
You can set the default security context for unlabeled files using defcontext= option. This overrides the value set for unlabeled files in the policy and requires a filesystem that supports xattr labeling.
The rootcontext= option allows you to explicitly label the root inode of a FS being mounted before that FS or inode becomes visible to userspace. This was found to be useful for things like stateless Linux.
Note that the kernel rejects any remount request that includes the context option, even when unchanged from the current context.
Warning: the context value might contain commas, in which case the value has to be properly quoted, otherwise mount will interpret the comma as a separator between mount options. Don’t forget that the shell strips off quotes and thus double quoting is required. For example:
mount -t tmpfs none /mnt -o \
  'context="system_u:object_r:tmp_t:s0:c127,c456",noexec'
For more details, see selinux(8).
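The quoting rule from the warning above, as an added example (not from the manual page): a small sh splitter that keeps commas inside double quotes, run on the option string with and without the inner quotes. It models the rule as stated here and is not libmount's parser; the function name split_mount_opts is hypothetical.

```sh
#!/bin/sh
# Added example: why the inner double quotes around a context value matter.

# split_mount_opts OPTSTR
# Print one mount option per line. A comma separates options unless it sits
# inside a double-quoted value. The body runs in a subshell so its variables
# stay local.
split_mount_opts() (
    rest=$1 cur= inq=0
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}      # first character of what is left
        rest=${rest#?}
        case $c in
            '"') inq=$((1 - inq)); cur=$cur$c ;;      # toggle quoted state
            ,)   if [ "$inq" -eq 1 ]; then
                     cur=$cur$c                        # comma is part of the value
                 else
                     printf '%s\n' "$cur"; cur=        # comma ends the option
                 fi ;;
            *)   cur=$cur$c ;;
        esac
    done
    [ -z "$cur" ] || printf '%s\n' "$cur"
)

# What mount receives when the shell argument is single-quoted, so the inner
# double quotes survive (the form shown in the manual's example).
quoted='context="system_u:object_r:tmp_t:s0:c127,c456",noexec'
# What mount receives when the shell has stripped the only pair of quotes.
unquoted='context=system_u:object_r:tmp_t:s0:c127,c456,noexec'

echo "inner quotes kept:"; split_mount_opts "$quoted"
echo "inner quotes lost:"; split_mount_opts "$unquoted"
```

With the inner quotes lost, the category c456 is split off as a separate option and the context value is truncated at c127.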
Note that the real set of all default mount options depends on the kernel and filesystem type. See the beginning of this section for more details.
Since Linux 2.6.30, the kernel defaults to the behavior provided by this option (unless noatime was specified), and the strictatime option is required to obtain traditional semantics. In addition, since Linux 2.6.30, the file’s last access time is always updated if it is more than 1 day old.
This mount option significantly reduces writes to the inode table for workloads that perform frequent random writes to preallocated files.
The on-disk timestamps are updated only when:
The remount operation together with the bind flag has special semantics. See above, the subsection Bind mounts.
The remount functionality follows the standard way the mount command works with options from fstab. This means that mount does not read fstab (or mtab) only when both device and dir are specified.
mount -o remount,rw /dev/foo /dir
After this call all old mount options are replaced and arbitrary stuff from fstab (or mtab) is ignored, except the loop= option which is internally generated and maintained by the mount command.
mount -o remount,rw /dir
After this call, mount reads fstab and merges these options with the options from the command line (-o). If no mountpoint is found in fstab, then a remount with unspecified source is allowed.
mount allows the use of --all to remount all already mounted filesystems which match a specified filter (-O and -t). For example:
mount --all -o remount,ro -t vfat
remounts all already mounted vfat filesystems in read-only mode. Each of the filesystems is remounted by mount -o remount,ro /dir semantic. This means the mount command reads fstab or mtab and merges these options with the options from the command line.
Note that before util-linux v2.30 the x-* options have not been maintained by libmount and stored in user space (functionality was the same as for X-* now), but due to the growing number of use-cases (in initrd, systemd etc.) the functionality has been extended to keep existing fstab configurations usable without a change.
FILESYSTEM-SPECIFIC MOUNT OPTIONS
This section lists options that are specific to particular filesystems. Where possible, you should first consult filesystem-specific manual pages for details. Some of those pages are listed in the following table.
Filesystem(s) | Manual page |
btrfs | btrfs(5) |
cifs | mount.cifs(8) |
ext2, ext3, ext4 | ext4(5) |
fuse | fuse(8) |
nfs | nfs(5) |
tmpfs | tmpfs(5) |
xfs | xfs(5) |
Note that some of the pages listed above might be available only after you install the respective userland tools.
The following options apply only to certain filesystems. We sort them by filesystem. All options follow the -o flag.
What options are supported depends a bit on the running kernel. Further information may be available in filesystem-specific files in the kernel source subdirectory Documentation/filesystems.
Mount options for adfs
Mount options for affs
Mount options for debugfs
Mount options for devpts
All mounts of devpts without this newinstance option share the same set of pseudo terminal indices (i.e., legacy mode). Each mount of devpts with the newinstance option has a private set of pseudo terminal indices.
This option is mainly used to support containers in the Linux kernel. It is implemented in Linux kernel versions starting with 2.6.29. Further, this mount option is valid only if CONFIG_DEVPTS_MULTIPLE_INSTANCES is enabled in the kernel configuration.
To use this option effectively, /dev/ptmx must be a symbolic link to pts/ptmx. See Documentation/filesystems/devpts.txt in the Linux kernel source tree for details.
With the support for multiple instances of devpts (see newinstance option above), each instance has a private ptmx node in the root of the devpts filesystem (typically /dev/pts/ptmx).
For compatibility with older versions of the kernel, the default mode of the new ptmx node is 0000. ptmxmode=value specifies a more useful mode for the ptmx node and is highly recommended when the newinstance option is specified.
This option is only implemented in Linux kernel versions starting with 2.6.29. Further, this option is valid only if CONFIG_DEVPTS_MULTIPLE_INSTANCES is enabled in the kernel configuration.