pmount(1)

1pmount(1)                   General Commands Manual                  pmount(1)
2
3
4

NAME

6       pmount - mount arbitrary hotpluggable devices as normal user
7
8

SYNOPSIS

10       pmount [ options ] device
11
12       pmount [ options ] device label
13
14       pmount --lock [ options ] device pid
15
16       pmount --unlock [ options ] device pid
17
18       pmount
19
20

DESCRIPTION

22       pmount  ("policy mount") is a wrapper around the standard mount program
23       which permits normal users to mount removable devices without a  match‐
24       ing /etc/fstab entry.
25
26       pmount also supports encrypted devices which use dm-crypt and have LUKS
27       metadata. If a LUKS-capable cryptsetup is installed, pmount will use it
28       to  decrypt  the  device  first and mount the mapped unencrypted device
29       instead.
30
31       pmount is invoked like this:
32
33       pmount device [ label ]
34
35       This will mount device to a directory below /media  if  policy  is  met
36       (see  below).  If label is given, the mount point will be /media/label,
37       otherwise it will be /media/device.
38
39       The   device   will   be   mounted   with    the    following    flags:
40       async,atime,nodev,noexec,noauto,nosuid,user,rw
41
42       Some applications like CD burners modify a raw device which must not be
43       mounted while the burning process is in progress. To prevent  automatic
44       mounting,  pmount  offers a locking mechanism: pmount --lock device pid
45       will prevent the pmounting of device until it is unlocked  again  using
46       pmount  --unlock  device  pid. The process id pid assigns the lock to a
47       particular process; this allows to lock a device by several processes.
48
49       During mount, the list of locks is cleaned, i. e. all locks whose asso‐
50       ciated  process does not exist any more are removed. This prevents for‐
51       gotten indefinite locks from crashed programs.
52
53       Running pmount without arguments prints the list of  mounted  removable
54       devices, a bit in the fashion of mount (1).
55
56       Please note that you can use labels and uuids as described in fstab (5)
57       for devices present in /etc/fstab.  In this case, the device name  need
58       to  match  exactly the corresponding entry in /etc/fstab, including the
59       LABEL= or UUID= part.
60
61
62

POLICY

64       The mount will succeed if all of the following conditions are met:
65
66
67       · device is a block device in /dev/
68
69       · device is not in /etc/fstab (if it is, pmount executes  mount  device
70         as the calling user to handle this transparently). See below for more
71         details.
72
73       · device is not already mounted according to /etc/mtab and /proc/mounts
74
75       · if the mount point already exists, there is no device already mounted
76         at it and the directory is empty
77
78       · device   is   removable   (USB,   FireWire,   or   MMC   device,   or
79         /sys/block/drive/removable is 1) or whitelisted in /etc/pmount.allow.
80
81       · device is not locked
82
83

OPTIONS

85       -r, --read-only
86              Force the device to be mounted read only. If neither -r  nor  -w
87              is specified, the kernel will choose an appropriate default.
88
89
90       -w, --read-write
91              Force  the device to be mounted read/write. If neither -r nor -w
92              is specified, the kernel will choose an appropriate default.
93
94
95       -s, --sync
96              Mount the device with the  sync  option,  i.  e.  without  write
97              caching.  Default is async (write-back). With this option, write
98              operations are much slower and due to the  massive  increase  of
99              updates  of inode/FAT structures, flash devices may suffer heav‐
100              ily if you write large files. This option is intended to make it
101              safe to just rip out USB drives without proper unmounting.
102
103
104       -A, --noatime
105              Mount the device with the noatime option. Default is atime.
106
107
108       -e, --exec
109              Mount the device with the exec option. Default is noexec.
110
111
112       -t filesystem, --type filesystem
113              Mount  as  specified  file  system type. The file system type is
114              automatically determined if this option is not given. See at the
115              bottom for a list of currently supported filesystems.
116
117
118       -c charset, --charset charset
119              Use given I/O character set (default: utf8 if called in an UTF-8
120              locale, otherwise mount  default).  This  corresponds  with  the
121              mount option iocharset (or nls for NTFS). This option is ignored
122              for file systems that do not support setting the  character  set
123              (see  mount  [22m(8)  for details).  Important note: pmount will now
124              mount   VFAT    filesystems    with    iocharset=iso8859-1    as
125              iocharset=utf8  currently  makes  the  filesystem case-sensitive
126              (which is pretty bad...).
127
128
129       -u umask, --umask umask
130              Use specified umask instead of the default  one.  For  UDF,  the
131              default  is  '000', for VFAT and NTFS the default is '077'. This
132              value is ignored for file systems which do not  support  setting
133              an  umask. Note that you can use a value of 077 to forbid anyone
134              else to read/write the files, 027 to allow your  group  to  read
135              the  files  and  022 to allow anyone to read the files (but only
136              you can write).
137
138
139       --dmask dmask
140
141       --fmask fmask
142              Some filesystems (essentially VFAT and  HFS)  supports  separate
143              umasks (see the -u option just above) for directories and files,
144              to avoid the annoying effect of having all files executable. For
145              these  filesystems,  you  can specify separately the masks using
146              these options. By default, fmask is umask without all executable
147              permissions  and  dmask is umask.  Most of the times, these set‐
148              tings should just do what you want, so there  should  be  seldom
149              any need for using directly the --fmask and --dmask options.
150
151
152       -p file --passphrase file
153              If  the  device is encrypted (dm-crypt with LUKS metadata), read
154              the passphrase from specified file instead of prompting  at  the
155              terminal.
156
157
158       -h, --help
159              Print a help message and exit successfully.
160
161
162       -d, --debug
163              Enable verbose debug messages.
164
165
166       -V, --version
167              Print the current version number and exit successfully.
168
169

FILES

171       /etc/pmount.allow
172              List  of  devices  (one  device per line) which are additionally
173              permitted for pmounting. Globs, such as /dev/sda[123]  are  per‐
174              mitted. See see glob (7) for a more complete syntax.
175
176

SUPPORTED FILESYSTEMS

182       For now, pmount supports the following filesystems: udf, iso9660, vfat,
183       ntfs, hfsplus, hfs, ext3, ext2, ext4, reiserfs, reiser4, xfs,  jfs  and
184       omfs.   They  are  tried  sequentially  in  that  exact  order when the
185       filesystem is not specified.
186
187       Additionally,  pmount  supports  the  filesystem  types  ntfs-fuse  and
188       ntfs-3g  to  mount  NTFS  volumes  respectively  with  ntfsmount (1) or
189       ntfs-3g (1). If the file /sbin/mount.ntfs-3g is found, then pmount will
190       mount  NTFS  filestystems with type ntfs-3g rather than plain ntfs.  To
191       disable this behavior, just specify -t ntfs  on  the  command-line,  as
192       this happens only for autodetection.
193
194

MORE ABOUT FSTAB

196       pmount  now  fully  resolve  all  symlinks both in its input and in the
197       /etc/fstab file, which  means  that  if  /dev/cdrom  is  a  symlink  to
198       /dev/hdc  and  you try to mount /dev/hdc directly, pmount will delegate
199       this to mount(1).  This is a feature, and it  contrasts  with  previous
200       unclear behavior of pmount about symlinks in /etc/fstab.
201
202

KNOWN ISSUES

204       Though  we  believe  pmount is pretty much free from security problems,
205       there are quite a few glitches that probably will never be fixed.
206
207
208       · pmount needs to try several different  times  to  mount  to  get  the
209         filesystem  right in the end; it is vital that pmount does know which
210         precise filesystem to mount in order to give it the right options not
211         to  cause security holes. This is rather different from the behaviour
212         of mount with the -t auto options, which  can  have  a  look  at  the
213         device  it  is  trying  to mount and find out what its filesystem is.
214         pmount will never try to open a device and look at  it  to  find  out
215         which  filesystem it is, as it might open quite a few security holes.
216         Moreover, the order in which the filesystems are tried  are  what  we
217         could  call  the  most  commonly used filesystems on removable media.
218         This order is unlikely to change as well. In particular,  that  means
219         that  when you mount an ext3 filesystem using pmount, you might get a
220         lot of fs-related kernel error messages. Sorry !
221
222       NOTE: Starting from version 0.9.17, pmount uses the same  mechanism  as
223       mount  [22m(1)  to autodetect the filesystem type, so this kind of problems
224       should not happen anymore.
225
226
227

AUTHOR

229       pmount was originally developed  by  Martin  Pitt  <martin.pitt@canoni‐
230       cal.com>.    It   is   now   maintained   by  Vincent  Fourmond  <four‐
231       mond@debian.org>.
232
233
234
235Martin Pitt                     August 27, 2004                      pmount(1)