1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
|
.TH fuse "8"
.SH NAME
fuse \- configuration and mount options for FUSE file systems
.SH DESCRIPTION
FUSE (Filesystem in Userspace) is a simple interface for userspace programs to export a virtual filesystem to the Linux kernel. FUSE also aims to provide a secure method for non privileged users to create and mount their own filesystem implementations.
.SH CONFIGURATION
Some options regarding mount policy can be set in the file \fI/etc/fuse.conf\fP. Currently these options are:
.TP
\fBmount_max = NNN\fP
Set the maximum number of FUSE mounts allowed to non-root users. The default is 1000.
.TP
\fBuser_allow_other\fP
Allow non-root users to specify the \fBallow_other\fP or \fBallow_root\fP mount options (see below).
.SH OPTIONS
Most of the generic mount options described in \fBmount\fP are
supported (\fBro\fP, \fBrw\fP, \fBsuid\fP, \fBnosuid\fP, \fBdev\fP,
\fBnodev\fP, \fBexec\fP, \fBnoexec\fP, \fBatime\fP, \fBnoatime\fP,
\fBsync\fP, \fBasync\fP, \fBdirsync\fP). Filesystems are mounted with
\fBnodev,nosuid\fP by default, which can only be overridden by a
privileged user.
.SS "General mount options:"
These are FUSE specific mount options that can be specified for all filesystems:
.TP
\fBdefault_permissions\fP
This option instructs the kernel to perform its own permission check
instead of deferring all permission checking to the FUSE
filesystem. The check by the kernel is done in addition to any
permission checks by the filesystem, and both have to succeed for an
operation to be allowed. The kernel performs a standard UNIX permission
check (based on mode bits and ownership of the directory entry, and
uid/gid of the acessing process). If the filesystem supports extended
attributes and the kernel is sufficiently recent, it may also take
into account access control lists (ACLs).
.TP
\fBallow_other\fP
This option overrides the security measure restricting file access to the user mounting the filesystem. So all users (including root) can access the files. This option is by default only allowed to root, but this restriction can be removed with a configuration option described in the previous section.
.TP
\fBallow_root\fP
This option is similar to \fBallow_other\fP but file access is limited to the user mounting the filesystem and root. This option and \fBallow_other\fP are mutually exclusive.
.TP
\fBauto_unmount\fP
This option enables automatic unmounting of the file system if the
FUSE process terminates for any reason. Normally the FUSE process is
responsible for un-mounting the file system, which means that the
mountpoint becomes inaccessible if the file system process terminates
without first unmounting the file system.
.TP
\fBmax_read=N\fP With this option the maximum size of read operations
can be set. The default is infinite, but typically the kernel enforces
its own limit in addition to this one.
\fBWarning:\fP The correct
setting for this option depends on implementation details of the file
system and is not intended to be specified by the user mounting the
file system. Rather, the correct value should be added by the
file-system internally when it calls \fBmount(2)\fP.
.TP
\fBdebug\fP
Turns on debug information printing by the library.
.TP
\fBfsname=NAME\fP
Sets the filesystem source (first field in \fI/etc/mtab\fP). The default is the mount program name.
.TP
\fBsubtype=TYPE\fP
Sets the filesystem type (third field in \fI/etc/mtab\fP). The default is the mount program name. If the kernel suppports it, \fI/etc/mtab\fP and \fI/proc/mounts\fP will show the filesystem type as \fBfuse.TYPE\fP
If the kernel doesn't support subtypes, the source filed will be \fBTYPE#NAME\fP, or if \fBfsname\fP option is not specified, just \fBTYPE\fP.
.TP
\fBblkdev\fP
Mount a filesystem backed by a block device. This is a privileged option. The device must be specified with the \fBfsname=NAME\fP option.
.SS "High-level mount options:"
These are FUSE specific mount options that can only be specified for
file-systems that use the high-level FUSE API:
.TP
\fBkernel_cache\fP
This option disables flushing the cache of the file contents on every \fBopen\fP(2). This should only be enabled on filesystems, where the file data is never changed externally (not through the mounted FUSE filesystem). Thus it is not suitable for network filesystems and other \fIintermediate\fP filesystems.
\fBNOTE\fP: if this option is not specified (and neither \fBdirect_io\fP) data is still cached after the \fBopen\fP(2), so a \fBread\fP(2) system call will not always initiate a read operation.
.TP
\fBauto_cache\fP
This option is an alternative to
`kernel_cache`. Instead of unconditionally keeping cached data, the
cached data is invalidated on \fBopen\fP(2) if if the modification
time or the size of the file has changed since it was last opened.
.TP
\fBumask=M\fP
Override the permission bits in \fIst_mode\fP set by the filesystem. The resulting permission bits are the ones missing from the given umask value. The value is given in octal representation.
.TP
\fBuid=N\fP
Override the \fIst_uid\fP field set by the filesystem (N is numeric).
.TP
\fBgid=N\fP
Override the \fIst_gid\fP field set by the filesystem (N is numeric).
.TP
\fBentry_timeout=T\fP
The timeout in seconds for which name lookups will be cached. The default is 1.0 second. For all the timeout options, it is possible to give fractions of a second as well (e.g. \fBentry_timeout=2.8\fP)
.TP
\fBnegative_timeout=T\fP
The timeout in seconds for which a negative lookup will be cached. This means, that if file did not exist (lookup retuned \fBENOENT\fP), the lookup will only be redone after the timeout, and the file/directory will be assumed to not exist until then. The default is 0.0 second, meaning that caching negative lookups are disabled.
.TP
\fBattr_timeout=T\fP
The timeout in seconds for which file/directory attributes are cached. The default is 1.0 second.
.TP
\fBac_attr_timeout=T\fP
The timeout in seconds for which file attributes are cached for the purpose of checking if \fBauto_cache\fP should flush the file data on open. The default is the value of \fBattr_timeout\fP
.TP
\fBnoforget\fP
.TP
\fBremember=T\fP
Normally, FUSE assigns inodes to paths only for as long as the kernel
is aware of them. With this option inodes are instead assigned
for at least \fBT\fP seconds (or, in the case of \fBnoforget\fP,
the life-time of the file-system process). This will require more
memory, but may be necessary when using applications that make use of
inode numbers.
.TP
\fBmodules=M1[:M2...]\fP
Add modules to the filesystem stack. Modules are pushed in the order they are specified, with the original filesystem being on the bottom of the stack.
.SH FUSE MODULES (STACKING)
Modules are filesystem stacking support to high level API. Filesystem modules can be built into libfuse or loaded from shared object
.SS "iconv"
Perform file name character set conversion. Options are:
.TP
\fBfrom_code=CHARSET\fP
Character set to convert from (see \fBiconv -l\fP for a list of possible values). Default is \fBUTF-8\fP.
.TP
\fBto_code=CHARSET\fP
Character set to convert to. Default is determined by the current locale.
.SS "subdir"
Prepend a given directory to each path. Options are:
.TP
\fBsubdir=DIR\fP
Directory to prepend to all paths. This option is \fImandatory\fP.
.TP
\fBrellinks\fP
Transform absolute symlinks into relative
.TP
\fBnorellinks\fP
Do not transform absolute symlinks into relative. This is the default.
.SH SECURITY
The fusermount program is installed set-user-gid to fuse. This is done to allow users from fuse group to mount
their own filesystem implementations.
There must however be some limitations, in order to prevent Bad User from
doing nasty things. Currently those limitations are:
.IP 1.
The user can only mount on a mountpoint, for which it has write permission
.IP 2.
The mountpoint is not a sticky directory which isn't owned by the user (like \fI/tmp\fP usually is)
.IP 3.
No other user (including root) can access the contents of the mounted filesystem.
.SH NOTE
FUSE filesystems are unmounted using the \fBfusermount\fP(1) command (\fBfusermount -u mountpoint\fP).
.SH "AUTHORS"
.LP
FUSE is currently maintained by Nikolaus Rath <Nikolaus@rath.org>
.LP
The original author of FUSE is Miklos Szeredi <mszeredi@inf.bme.hu>.
.LP
This man page was originally written by Bastien Roucaries <roucaries.bastien+debian@gmail.com> for the
Debian GNU/Linux distribution.
.SH SEE ALSO
fusermount(1)
mount(8)
|
