Scroll to navigation

MOUNT(8) System Administration MOUNT(8)

NAME

mount - mount a filesystem

SYNOPSIS

mount [-h|-V]

mount [-l] [-t fstype]

mount -a [-fFnrsvw] [-t fstype] [-O optlist]

mount [-fnrsvw] [-o options] device|mountpoint

mount [-fnrsvw] [-t fstype] [-o options] device mountpoint

mount --bind|--rbind|--move olddir newdir

mount --make-[shared|slave|private|unbindable|rshared|rslave|rprivate|runbindable] mountpoint

DESCRIPTION

All files accessible in a Unix system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices. The mount command serves to attach the filesystem found on some device to the big file tree. Conversely, the umount(8) command will detach it again. The filesystem is used to control how data is stored on the device or provided in a virtual way by network or other services.

The standard form of the mount command is:

mount -t type device dir

This tells the kernel to attach the filesystem found on device (which is of type type) at the directory dir. The option -t type is optional. The mount command is usually able to detect a filesystem. The root permissions are necessary to mount a filesystem by default. See section "Non-superuser mounts" below for more details. The previous contents (if any) and owner and mode of dir become invisible, and as long as this filesystem remains mounted, the pathname dir refers to the root of the filesystem on device.

If only the directory or the device is given, for example:

mount /dir

then mount looks for a mountpoint (and if not found then for a device) in the /etc/fstab file. It’s possible to use the --target or --source options to avoid ambiguous interpretation of the given argument. For example:

mount --target /mountpoint

The same filesystem may be mounted more than once, and in some cases (e.g., network filesystems) the same filesystem may be mounted on the same mountpoint multiple times. The mount command does not implement any policy to control this behavior. All behavior is controlled by the kernel and it is usually specific to the filesystem driver. The exception is --all, in this case already mounted filesystems are ignored (see --all below for more details).

Listing the mounts

The listing mode is maintained for backward compatibility only.

For more robust and customizable output use findmnt(8), especially in your scripts. Note that control characters in the mountpoint name are replaced with '?'.

The following command lists all mounted filesystems (of type type):

mount [-l] [-t type]

The option -l adds labels to this listing. See below.

Indicating the device and filesystem

Most devices are indicated by a filename (of a block special device), like /dev/sda1, but there are other possibilities. For example, in the case of an NFS mount, device may look like knuth.cwi.nl:/dir.

The device names of disk partitions are unstable; hardware reconfiguration, and adding or removing a device can cause changes in names. This is the reason why it’s strongly recommended to use filesystem or partition identifiers like UUID or LABEL. Currently supported identifiers (tags):

LABEL=label

Human readable filesystem identifier. See also -L.

UUID=uuid

Filesystem universally unique identifier. The format of the UUID is usually a series of hex digits separated by hyphens. See also -U.

Note that mount uses UUIDs as strings. The UUIDs from the command line or from fstab(5) are not converted to internal binary representation. The string representation of the UUID should be based on lower case characters.

PARTLABEL=label

Human readable partition identifier. This identifier is independent on filesystem and does not change by mkfs or mkswap operations It’s supported for example for GUID Partition Tables (GPT).

PARTUUID=uuid

Partition universally unique identifier. This identifier is independent on filesystem and does not change by mkfs or mkswap operations It’s supported for example for GUID Partition Tables (GPT).

ID=id

Hardware block device ID as generated by udevd. This identifier is usually based on WWN (unique storage identifier) and assigned by the hardware manufacturer. See ls /dev/disk/by-id for more details, this directory and running udevd is required. This identifier is not recommended for generic use as the identifier is not strictly defined and it depends on udev, udev rules and hardware.

The command lsblk --fs provides an overview of filesystems, LABELs and UUIDs on available block devices. The command blkid -p <device> provides details about a filesystem on the specified device.

Don’t forget that there is no guarantee that UUIDs and labels are really unique, especially if you move, share or copy the device. Use lsblk -o +UUID,PARTUUID to verify that the UUIDs are really unique in your system.

The recommended setup is to use tags (e.g. UUID=uuid) rather than /dev/disk/by-{label,uuid,id,partuuid,partlabel} udev symlinks in the /etc/fstab file. Tags are more readable, robust and portable. The mount(8) command internally uses udev symlinks, so the use of symlinks in /etc/fstab has no advantage over tags. For more details see libblkid(3).

The proc filesystem is not associated with a special device, and when mounting it, an arbitrary keyword - for example, proc - can be used instead of a device specification. (The customary choice none is less fortunate: the error message 'none already mounted' from mount can be confusing.)

The files /etc/fstab, /etc/mtab and /proc/mounts

The file /etc/fstab (see fstab(5)), may contain lines describing what devices are usually mounted where, using which options. The default location of the fstab(5) file can be overridden with the --fstab path command-line option (see below for more details).

The command

mount -a [-t type] [-O optlist]

(usually given in a bootscript) causes all filesystems mentioned in fstab (of the proper type and/or having or not having the proper options) to be mounted as indicated, except for those whose line contains the noauto keyword. Adding the -F option will make mount fork, so that the filesystems are mounted in parallel.

When mounting a filesystem mentioned in fstab or mtab, it suffices to specify on the command line only the device, or only the mount point.

The programs mount and umount(8) traditionally maintained a list of currently mounted filesystems in the file /etc/mtab. The support for regular classic /etc/mtab is completely disabled at compile time by default, because on current Linux systems it is better to make /etc/mtab a symlink to /proc/mounts instead. The regular mtab file maintained in userspace cannot reliably work with namespaces, containers and other advanced Linux features. If the regular mtab support is enabled, then it’s possible to use the file as well as the symlink.

If no arguments are given to mount, the list of mounted filesystems is printed.

If you want to override mount options from /etc/fstab, you have to use the -o option:

mount device**|dir -o options

and then the mount options from the command line will be appended to the list of options from /etc/fstab. This default behaviour can be changed using the --options-mode command-line option. The usual behavior is that the last option wins if there are conflicting ones.

The mount program does not read the /etc/fstab file if both device (or LABEL, UUID, ID, PARTUUID or PARTLABEL) and dir are specified. For example, to mount device foo at /dir:

mount /dev/foo /dir

This default behaviour can be changed by using the --options-source-force command-line option to always read configuration from fstab. For non-root users mount always reads the fstab configuration.

Non-superuser mounts

Normally, only the superuser can mount filesystems. However, when fstab contains the user option on a line, anybody can mount the corresponding filesystem.

Thus, given a line

/dev/cdrom /cd iso9660 ro,user,noauto,unhide

any user can mount the iso9660 filesystem found on an inserted CDROM using the command:

mount /cd

Note that mount is very strict about non-root users and all paths specified on command line are verified before fstab is parsed or a helper program is executed. It’s strongly recommended to use a valid mountpoint to specify filesystem, otherwise mount may fail. For example it’s a bad idea to use NFS or CIFS source on command line.

Since util-linux 2.35, mount does not exit when user permissions are inadequate according to libmount’s internal security rules. Instead, it drops suid permissions and continues as regular non-root user. This behavior supports use-cases where root permissions are not necessary (e.g., fuse filesystems, user namespaces, etc).

For more details, see fstab(5). Only the user that mounted a filesystem can unmount it again. If any user should be able to unmount it, then use users instead of user in the fstab line. The owner option is similar to the user option, with the restriction that the user must be the owner of the special file. This may be useful e.g. for /dev/fd if a login script makes the console user owner of this device. The group option is similar, with the restriction that the user must be a member of the group of the special file.

Bind mount operation

Remount part of the file hierarchy somewhere else. The call is:

mount --bind olddir newdir

or by using this fstab entry:

/olddir /newdir none bind

After this call the same contents are accessible in two places.

It is important to understand that "bind" does not create any second-class or special node in the kernel VFS. The "bind" is just another operation to attach a filesystem. There is nowhere stored information that the filesystem has been attached by a "bind" operation. The olddir and newdir are independent and the olddir may be unmounted.

One can also remount a single file (on a single file). It’s also possible to use a bind mount to create a mountpoint from a regular directory, for example:

mount --bind foo foo

The bind mount call attaches only (part of) a single filesystem, not possible submounts. The entire file hierarchy including submounts can be attached a second place by using:

mount --rbind olddir newdir

Note that the filesystem mount options maintained by the kernel will remain the same as those on the original mount point. The userspace mount options (e.g., _netdev) will not be copied by mount and it’s necessary to explicitly specify the options on the mount command line.

Since util-linux 2.27 mount permits changing the mount options by passing the relevant options along with --bind. For example:

mount -o bind,ro foo foo

This feature is not supported by the Linux kernel; it is implemented in userspace by an additional mount(2) remounting system call. This solution is not atomic.

The alternative (classic) way to create a read-only bind mount is to use the remount operation, for example:

mount --bind olddir newdir mount -o remount,bind,ro olddir newdir

Note that a read-only bind will create a read-only mountpoint (VFS entry), but the original filesystem superblock will still be writable, meaning that the olddir will be writable, but the newdir will be read-only.

It’s also possible to change nosuid, nodev, noexec, noatime, nodiratime and relatime VFS entry flags via a "remount,bind" operation. The other flags (for example filesystem-specific flags) are silently ignored. It’s impossible to change mount options recursively (for example with -o rbind,ro).

Since util-linux 2.31, mount ignores the bind flag from /etc/fstab on a remount operation (if "-o remount" is specified on command line). This is necessary to fully control mount options on remount by command line. In previous versions the bind flag has been always applied and it was impossible to re-define mount options without interaction with the bind semantic. This mount behavior does not affect situations when "remount,bind" is specified in the /etc/fstab file.

The move operation

Move a mounted tree to another place (atomically). The call is:

mount --move olddir newdir

This will cause the contents which previously appeared under olddir to now be accessible under newdir. The physical location of the files is not changed. Note that olddir has to be a mountpoint.

Note also that moving a mount residing under a shared mount is invalid and unsupported. Use findmnt -o TARGET,PROPAGATION to see the current propagation flags.

Shared subtree operations

Since Linux 2.6.15 it is possible to mark a mount and its submounts as shared, private, slave or unbindable. A shared mount provides the ability to create mirrors of that mount such that mounts and unmounts within any of the mirrors propagate to the other mirror. A slave mount receives propagation from its master, but not vice versa. A private mount carries no propagation abilities. An unbindable mount is a private mount which cannot be cloned through a bind operation. The detailed semantics are documented in Documentation/filesystems/sharedsubtree.txt file in the kernel source tree; see also mount_namespaces(7).

Supported operations are:

mount --make-shared mountpoint
mount --make-slave mountpoint
mount --make-private mountpoint
mount --make-unbindable mountpoint

The following commands allow one to recursively change the type of all the mounts under a given mountpoint.

mount --make-rshared mountpoint
mount --make-rslave mountpoint
mount --make-rprivate mountpoint
mount --make-runbindable mountpoint

mount(8) does not read fstab(5) when a --make-* operation is requested. All necessary information has to be specified on the command line.

Note that the Linux kernel does not allow changing multiple propagation flags with a single mount(2) system call, and the flags cannot be mixed with other mount options and operations.

Since util-linux 2.23 the mount command can be used to do more propagation (topology) changes by one mount(8) call and do it also together with other mount operations. The propagation flags are applied by additional mount(2) system calls when the preceding mount operations were successful. Note that this use case is not atomic. It is possible to specify the propagation flags in fstab(5) as mount options (private, slave, shared, unbindable, rprivate, rslave, rshared, runbindable).

For example:

mount --make-private --make-unbindable /dev/sda1 /foo

is the same as:

mount /dev/sda1 /foo
mount --make-private /foo
mount --make-unbindable /foo

COMMAND-LINE OPTIONS

The full set of mount options used by an invocation of mount is determined by first extracting the mount options for the filesystem from the fstab table, then applying any options specified by the -o argument, and finally applying a -r or -w option, when present.

The mount command does not pass all command-line options to the /sbin/mount.suffix mount helpers. The interface between mount and the mount helpers is described below in the section EXTERNAL HELPERS.

Command-line options available for the mount command are:

-a, --all

Mount all filesystems (of the given types) mentioned in fstab (except for those whose line contains the noauto keyword). The filesystems are mounted following their order in fstab. The mount command compares filesystem source, target (and fs root for bind mount or btrfs) to detect already mounted filesystems. The kernel table with already mounted filesystems is cached during mount --all. This means that all duplicated fstab entries will be mounted.

The option --all is possible to use for remount operation too. In this case all filters (-t and -O) are applied to the table of already mounted filesystems.

Since version 2.35 is possible to use the command line option -o to alter mount options from fstab (see also --options-mode).

Note that it is a bad practice to use mount -a for fstab checking. The recommended solution is findmnt --verify.

-B, --bind

Remount a subtree somewhere else (so that its contents are available in both places). See above, under Bind mounts.

-c, --no-canonicalize

Don’t canonicalize paths. The mount command canonicalizes all paths (from the command line or fstab) by default. This option can be used together with the -f flag for already canonicalized absolute paths. The option is designed for mount helpers which call mount -i. It is strongly recommended to not use this command-line option for normal mount operations.

Note that mount does not pass this option to the /sbin/mount.type helpers.

-F, --fork

(Used in conjunction with -a.) Fork off a new incarnation of mount for each device. This will do the mounts on different devices or different NFS servers in parallel. This has the advantage that it is faster; also NFS timeouts proceed in parallel. A disadvantage is that the order of the mount operations is undefined. Thus, you cannot use this option if you want to mount both /usr and /usr/spool.

-f, --fake

Causes everything to be done except for the actual system call; if it’s not obvious, this "fakes" mounting the filesystem. This option is useful in conjunction with the -v flag to determine what the mount command is trying to do. It can also be used to add entries for devices that were mounted earlier with the -n option. The -f option checks for an existing record in /etc/mtab and fails when the record already exists (with a regular non-fake mount, this check is done by the kernel).

-i, --internal-only

Don’t call the /sbin/mount.filesystem helper even if it exists.

-L, --label label

Mount the partition that has the specified label.

-l, --show-labels

Add the labels in the mount output. mount must have permission to read the disk device (e.g. be set-user-ID root) for this to work. One can set such a label for ext2, ext3 or ext4 using the e2label(8) utility, or for XFS using xfs_admin(8), or for reiserfs using reiserfstune(8).

-M, --move

Move a subtree to some other place. See above, the subsection The move operation.

-n, --no-mtab

Mount without writing in /etc/mtab. This is necessary for example when /etc is on a read-only filesystem.

-N, --namespace ns

Perform the mount operation in the mount namespace specified by ns. ns is either PID of process running in that namespace or special file representing that namespace.

mount switches to the mount namespace when it reads /etc/fstab, writes /etc/mtab: (or writes to _/run/mount) and calls the mount(2) system call, otherwise it runs in the original mount namespace. This means that the target namespace does not have to contain any libraries or other requirements necessary to execute the mount(2) call.

See mount_namespaces(7) for more information.

-O, --test-opts opts

Limit the set of filesystems to which the -a option applies. In this regard it is like the -t option except that -O is useless without -a. For example, the command

mount -a -O no_netdev

mounts all filesystems except those which have the option netdev specified in the options field in the /etc/fstab file.

It is different from -t in that each option is matched exactly; a leading no at the beginning of one option does not negate the rest.

The -t and -O options are cumulative in effect; that is, the command

mount -a -t ext2 -O _netdev

mounts all ext2 filesystems with the _netdev option, not all filesystems that are either ext2 or have the _netdev option specified.

-o, --options opts

Use the specified mount options. The opts argument is a comma-separated list. For example:

mount LABEL=mydisk -o noatime,nodev,nosuid

For more details, see the FILESYSTEM-INDEPENDENT MOUNT OPTIONS and FILESYSTEM-SPECIFIC MOUNT OPTIONS sections.

--options-mode mode

Controls how to combine options from fstab/mtab with options from the command line. mode can be one of ignore, append, prepend or replace. For example, append means that options from fstab are appended to options from the command line. The default value is prepend — it means command line options are evaluated after fstab options. Note that the last option wins if there are conflicting ones.

--options-source source

Source of default options. source is a comma-separated list of fstab, mtab and disable. disable disables fstab and mtab and disables --options-source-force. The default value is fstab,mtab.

--options-source-force

Use options from fstab/mtab even if both device and dir are specified.

-R, --rbind

Remount a subtree and all possible submounts somewhere else (so that its contents are available in both places). See above, the subsection Bind mounts.

-r, --read-only

Mount the filesystem read-only. A synonym is -o ro.

Note that, depending on the filesystem type, state and kernel behavior, the system may still write to the device. For example, ext3 and ext4 will replay the journal if the filesystem is dirty. To prevent this kind of write access, you may want to mount an ext3 or ext4 filesystem with the ro,noload mount options or set the block device itself to read-only mode, see the blockdev(8) command.

-s

Tolerate sloppy mount options rather than failing. This will ignore mount options not supported by a filesystem type. Not all filesystems support this option. Currently it’s supported by the mount.nfs mount helper only.

--source device

If only one argument for the mount command is given, then the argument might be interpreted as the target (mountpoint) or source (device). This option allows you to explicitly define that the argument is the mount source.

--target directory

If only one argument for the mount command is given, then the argument might be interpreted as the target (mountpoint) or source (device). This option allows you to explicitly define that the argument is the mount target.

--target-prefix directory

Prepend the specified directory to all mount targets. This option can be used to follow fstab, but mount operations are done in another place, for example:

mount --all --target-prefix /chroot -o X-mount.mkdir

mounts all from system fstab to /chroot, all missing mountpoint are created (due to X-mount.mkdir). See also --fstab to use an alternative fstab.

-T, --fstab path

Specifies an alternative fstab file. If path is a directory, then the files in the directory are sorted by strverscmp(3); files that start with "." or without an .fstab extension are ignored. The option can be specified more than once. This option is mostly designed for initramfs or chroot scripts where additional configuration is specified beyond standard system configuration.

Note that mount does not pass the option --fstab to the /sbin/mount.type helpers, meaning that the alternative fstab files will be invisible for the helpers. This is no problem for normal mounts, but user (non-root) mounts always require fstab to verify the user’s rights.

-t, --types fstype

The argument following the -t is used to indicate the filesystem type. The filesystem types which are currently supported depend on the running kernel. See /proc/filesystems and /lib/modules/$(uname -r)/kernel/fs for a complete list of the filesystems. The most common are ext2, ext3, ext4, xfs, btrfs, vfat, sysfs, proc, nfs and cifs.

The programs mount and umount(8) support filesystem subtypes. The subtype is defined by a '.subtype' suffix. For example 'fuse.sshfs'. It’s recommended to use subtype notation rather than add any prefix to the mount source (for example 'sshfs#example.com' is deprecated).

If no -t option is given, or if the auto type is specified, mount will try to guess the desired type. mount uses the libblkid(3) library for guessing the filesystem type; if that does not turn up anything that looks familiar, mount will try to read the file /etc/filesystems, or, if that does not exist, /proc/filesystems. All of the filesystem types listed there will be tried, except for those that are labeled "nodev" (e.g. devpts, proc and nfs). If /etc/filesystems ends in a line with a single *, mount will read /proc/filesystems afterwards. While trying, all filesystem types will be mounted with the mount option silent.

The auto type may be useful for user-mounted floppies. Creating a file /etc/filesystems can be useful to change the probe order (e.g., to try vfat before msdos or ext3 before ext2) or if you use a kernel module autoloader.

More than one type may be specified in a comma-separated list, for the -t option as well as in an /etc/fstab entry. The list of filesystem types for the -t option can be prefixed with no to specify the filesystem types on which no action should be taken. The prefix no has no effect when specified in an /etc/fstab entry.

The prefix no can be meaningful with the -a option. For example, the command

mount -a -t nomsdos,smbfs

mounts all filesystems except those of type msdos and smbfs.

For most types all the mount program has to do is issue a simple mount(2) system call, and no detailed knowledge of the filesystem type is required. For a few types however (like nfs, nfs4, cifs, smbfs, ncpfs) an ad hoc code is necessary. The nfs, nfs4, cifs, smbfs, and ncpfs filesystems have a separate mount program. In order to make it possible to treat all types in a uniform way, mount will execute the program /sbin/mount.type (if that exists) when called with type type. Since different versions of the smbmount program have different calling conventions, /sbin/mount.smbfs may have to be a shell script that sets up the desired call.

-U, --uuid uuid

Mount the partition that has the specified uuid.

-v, --verbose

Verbose mode.

-w, --rw, --read-write

Mount the filesystem read/write. Read-write is the kernel default and the mount default is to try read-only if the previous mount syscall with read-write flags on write-protected devices of filesystems failed.

A synonym is -o rw.

Note that specifying -w on the command line forces mount to never try read-only mount on write-protected devices or already mounted read-only filesystems.

-V, --version

Display version information and exit.

-h, --help

Display help text and exit.

FILESYSTEM-INDEPENDENT MOUNT OPTIONS

Some of these options are only useful when they appear in the /etc/fstab file.

Some of these options could be enabled or disabled by default in the system kernel. To check the current setting see the options in /proc/mounts. Note that filesystems also have per-filesystem specific default mount options (see for example tune2fs -l output for ext_N_ filesystems).

The following options apply to any filesystem that is being mounted (but not every filesystem actually honors them - e.g., the sync option today has an effect only for ext2, ext3, ext4, fat, vfat, ufs and xfs):

async

All I/O to the filesystem should be done asynchronously. (See also the sync option.)

atime

Do not use the noatime feature, so the inode access time is controlled by kernel defaults. See also the descriptions of the relatime and strictatime mount options.

noatime

Do not update inode access times on this filesystem (e.g. for faster access on the news spool to speed up news servers). This works for all inode types (directories too), so it implies nodiratime.

auto

Can be mounted with the -a option.

noauto

Can only be mounted explicitly (i.e., the -a option will not cause the filesystem to be mounted).

context=context, fscontext=context, defcontext=context, and rootcontext=context

The context= option is useful when mounting filesystems that do not support extended attributes, such as a floppy or hard disk formatted with VFAT, or systems that are not normally running under SELinux, such as an ext3 or ext4 formatted disk from a non-SELinux workstation. You can also use context= on filesystems you do not trust, such as a floppy. It also helps in compatibility with xattr-supporting filesystems on earlier 2.4.<x> kernel versions. Even where xattrs are supported, you can save time not having to label every file by assigning the entire disk one security context.

A commonly used option for removable media is context="system_u:object_r:removable_t.

The fscontext= option works for all filesystems, regardless of their xattr support. The fscontext option sets the overarching filesystem label to a specific security context. This filesystem label is separate from the individual labels on the files. It represents the entire filesystem for certain kinds of permission checks, such as during mount or file creation. Individual file labels are still obtained from the xattrs on the files themselves. The context option actually sets the aggregate context that fscontext provides, in addition to supplying the same label for individual files.

You can set the default security context for unlabeled files using defcontext= option. This overrides the value set for unlabeled files in the policy and requires a filesystem that supports xattr labeling.

The rootcontext= option allows you to explicitly label the root inode of a FS being mounted before that FS or inode becomes visible to userspace. This was found to be useful for things like stateless Linux.

Note that the kernel rejects any remount request that includes the context option, even when unchanged from the current context.

Warning: the context value might contain commas, in which case the value has to be properly quoted, otherwise mount will interpret the comma as a separator between mount options. Don’t forget that the shell strips off quotes and thus double quoting is required. For example:

mount -t tmpfs none /mnt -o \ 'context="system_u:object_r:tmp_t:s0:c127,c456",noexec'

For more details, see selinux(8).

defaults

Use the default options: rw, suid, dev, exec, auto, nouser, and async.

Note that the real set of all default mount options depends on the kernel and filesystem type. See the beginning of this section for more details.

dev

Interpret character or block special devices on the filesystem.

nodev

Do not interpret character or block special devices on the filesystem.

diratime

Update directory inode access times on this filesystem. This is the default. (This option is ignored when noatime is set.)

nodiratime

Do not update directory inode access times on this filesystem. (This option is implied when noatime is set.)

dirsync

All directory updates within the filesystem should be done synchronously. This affects the following system calls: creat(2), link(2), unlink(2), symlink(2), mkdir(2), rmdir(2), mknod(2) and rename(2).

exec

Permit execution of binaries.

noexec

Do not permit direct execution of any binaries on the mounted filesystem.

group

Allow an ordinary user to mount the filesystem if one of that user’s groups matches the group of the device. This option implies the options nosuid and nodev (unless overridden by subsequent options, as in the option line group,dev,suid).

iversion

Every time the inode is modified, the i_version field will be incremented.

noiversion

Do not increment the i_version inode field.

mand

Allow mandatory locks on this filesystem. See fcntl(2).

nomand

Do not allow mandatory locks on this filesystem.

_netdev

The filesystem resides on a device that requires network access (used to prevent the system from attempting to mount these filesystems until the network has been enabled on the system).

nofail

Do not report errors for this device if it does not exist.

relatime

Update inode access times relative to modify or change time. Access time is only updated if the previous access time was earlier than the current modify or change time. (Similar to noatime, but it doesn’t break mutt(1) or other applications that need to know if a file has been read since the last time it was modified.)

Since Linux 2.6.30, the kernel defaults to the behavior provided by this option (unless noatime was specified), and the strictatime option is required to obtain traditional semantics. In addition, since Linux 2.6.30, the file’s last access time is always updated if it is more than 1 day old.

norelatime

Do not use the relatime feature. See also the strictatime mount option.

strictatime

Allows to explicitly request full atime updates. This makes it possible for the kernel to default to relatime or noatime but still allow userspace to override it. For more details about the default system mount options see /proc/mounts.

nostrictatime

Use the kernel’s default behavior for inode access time updates.

lazytime

Only update times (atime, mtime, ctime) on the in-memory version of the file inode.

This mount option significantly reduces writes to the inode table for workloads that perform frequent random writes to preallocated files.

The on-disk timestamps are updated only when:

•the inode needs to be updated for some change unrelated to file timestamps

•the application employs fsync(2), syncfs(2), or sync(2)

•an undeleted inode is evicted from memory

•more than 24 hours have passed since the inode was written to disk.

nolazytime

Do not use the lazytime feature.

suid

Honor set-user-ID and set-group-ID bits or file capabilities when executing programs from this filesystem.

nosuid

Do not honor set-user-ID and set-group-ID bits or file capabilities when executing programs from this filesystem. In addition, SELinux domain transitions require permission nosuid_transition, which in turn needs also policy capability nnp_nosuid_transition.

silent

Turn on the silent flag.

loud

Turn off the silent flag.

owner

Allow an ordinary user to mount the filesystem if that user is the owner of the device. This option implies the options nosuid and nodev (unless overridden by subsequent options, as in the option line owner,dev,suid).

remount

Attempt to remount an already-mounted filesystem. This is commonly used to change the mount flags for a filesystem, especially to make a readonly filesystem writable. It does not change device or mount point.

The remount operation together with the bind flag has special semantics. See above, the subsection Bind mounts.

The remount functionality follows the standard way the mount command works with options from fstab. This means that mount does not read fstab (or mtab) only when both device and dir are specified.

mount -o remount,rw /dev/foo /dir

After this call all old mount options are replaced and arbitrary stuff from fstab (or mtab) is ignored, except the loop= option which is internally generated and maintained by the mount command.

mount -o remount,rw /dir

After this call, mount reads fstab and merges these options with the options from the command line (-o). If no mountpoint is found in fstab, then a remount with unspecified source is allowed.

mount allows the use of --all to remount all already mounted filesystems which match a specified filter (-O and -t). For example:

mount --all -o remount,ro -t vfat

remounts all already mounted vfat filesystems in read-only mode. Each of the filesystems is remounted by mount -o remount,ro /dir semantic. This means the mount command reads fstab or mtab and merges these options with the options from the command line.

ro

Mount the filesystem read-only.

rw

Mount the filesystem read-write.

sync

All I/O to the filesystem should be done synchronously. In the case of media with a limited number of write cycles (e.g. some flash drives), sync may cause life-cycle shortening.

user

Allow an ordinary user to mount the filesystem. The name of the mounting user is written to the mtab file (or to the private libmount file in /run/mount on systems without a regular mtab) so that this same user can unmount the filesystem again. This option implies the options noexec, nosuid, and nodev (unless overridden by subsequent options, as in the option line user,exec,dev,suid).

nouser

Forbid an ordinary user to mount the filesystem. This is the default; it does not imply any other options.

users

Allow any user to mount and to unmount the filesystem, even when some other ordinary user mounted it. This option implies the options noexec, nosuid, and nodev (unless overridden by subsequent options, as in the option line users,exec,dev,suid).

X-*

All options prefixed with "X-" are interpreted as comments or as userspace application-specific options. These options are not stored in user space (e.g., mtab file), nor sent to the mount.type helpers nor to the mount(2) system call. The suggested format is X-appname.option.

x-*

The same as X-* options, but stored permanently in user space. This means the options are also available for umount(8) or other operations. Note that maintaining mount options in user space is tricky, because it’s necessary use libmount-based tools and there is no guarantee that the options will be always available (for example after a move mount operation or in unshared namespace).

Note that before util-linux v2.30 the x-* options have not been maintained by libmount and stored in user space (functionality was the same as for X-* now), but due to the growing number of use-cases (in initrd, systemd etc.) the functionality has been extended to keep existing fstab configurations usable without a change.

X-mount.mkdir[=mode]

Allow to make a target directory (mountpoint) if it does not exit yet. The optional argument mode specifies the filesystem access mode used for mkdir(2) in octal notation. The default mode is 0755. This functionality is supported only for root users or when mount executed without suid permissions. The option is also supported as x-mount.mkdir, this notation is deprecated since v2.30.

nosymfollow

Do not follow symlinks when resolving paths. Symlinks can still be created, and readlink(1), readlink(2), realpath(1), and realpath(3) all still work properly.

FILESYSTEM-SPECIFIC MOUNT OPTIONS

This section lists options that are specific to particular filesystems. Where possible, you should first consult filesystem-specific manual pages for details. Some of those pages are listed in the following table.

Filesystem(s) Manual page
btrfs btrfs(5)
cifs mount.cifs(8)
ext2, ext3, ext4 ext4(5)
fuse fuse(8)
nfs nfs(5)
tmpfs tmpfs(5)
xfs xfs(5)

Note that some of the pages listed above might be available only after you install the respective userland tools.

The following options apply only to certain filesystems. We sort them by filesystem. All options follow the -o flag.

What options are supported depends a bit on the running kernel. Further information may be available in filesystem-specific files in the kernel source subdirectory Documentation/filesystems.

Mount options for adfs

uid=value and gid=value

Set the owner and group of the files in the filesystem (default: uid=gid=0).

ownmask=value and othmask=value

Set the permission mask for ADFS 'owner' permissions and 'other' permissions, respectively (default: 0700 and 0077, respectively). See also /usr/src/linux/Documentation/filesystems/adfs.rst.

Mount options for affs

uid=value and gid=value

Set the owner and group of the root of the filesystem (default: uid=gid=0, but with option uid or gid without specified value, the UID and GID of the current process are taken).

setuid=value and setgid=value

Set the owner and group of all files.

mode=value

Set the mode of all files to value & 0777 disregarding the original permissions. Add search permission to directories that have read permission. The value is given in octal.

protect

Do not allow any changes to the protection bits on the filesystem.

usemp

Set UID and GID of the root of the filesystem to the UID and GID of the mount point upon the first sync or umount, and then clear this option. Strange...

verbose

Print an informational message for each successful mount.

prefix=string

Prefix used before volume name, when following a link.

volume=string

Prefix (of length at most 30) used before '/' when following a symbolic link.

reserved=value

(Default: 2.) Number of unused blocks at the start of the device.

root=value

Give explicitly the location of the root block.

bs=value

Give blocksize. Allowed values are 512, 1024, 2048, 4096.

grpquota|noquota|quota|usrquota

These options are accepted but ignored. (However, quota utilities may react to such strings in /etc/fstab.)

Mount options for debugfs

The debugfs filesystem is a pseudo filesystem, traditionally mounted on /sys/kernel/debug. As of kernel version 3.4, debugfs has the following options:

uid=n, gid=n

Set the owner and group of the mountpoint.

mode=value

Sets the mode of the mountpoint.

Mount options for devpts

The devpts filesystem is a pseudo filesystem, traditionally mounted on /dev/pts. In order to acquire a pseudo terminal, a process opens /dev/ptmx; the number of the pseudo terminal is then made available to the process and the pseudo terminal slave can be accessed as /dev/pts/<number>.

uid=value and gid=value

This sets the owner or the group of newly created pseudo terminals to the specified values. When nothing is specified, they will be set to the UID and GID of the creating process. For example, if there is a tty group with GID 5, then gid=5 will cause newly created pseudo terminals to belong to the tty group.

mode=value

Set the mode of newly created pseudo terminals to the specified value. The default is 0600. A value of mode=620 and gid=5 makes "mesg y" the default on newly created pseudo terminals.

newinstance

Create a private instance of the devpts filesystem, such that indices of pseudo terminals allocated in this new instance are independent of indices created in other instances of devpts.

All mounts of devpts without this newinstance option share the same set of pseudo terminal indices (i.e., legacy mode). Each mount of devpts with the newinstance option has a private set of pseudo terminal indices.

This option is mainly used to support containers in the Linux kernel. It is implemented in Linux kernel versions starting with 2.6.29. Further, this mount option is valid only if CONFIG_DEVPTS_MULTIPLE_INSTANCES is enabled in the kernel configuration.

To use this option effectively, /dev/ptmx must be a symbolic link to pts/ptmx. See Documentation/filesystems/devpts.txt in the Linux kernel source tree for details.

ptmxmode=value

Set the mode for the new ptmx device node in the devpts filesystem.

With the support for multiple instances of devpts (see newinstance option above), each instance has a private ptmx node in the root of the devpts filesystem (typically /dev/pts/ptmx).

For compatibility with older versions of the kernel, the default mode of the new ptmx node is 0000. ptmxmode=value specifies a more useful mode for the ptmx node and is highly recommended when the newinstance option is specified.

This option is only implemented in Linux kernel versions starting with 2.6.29. Further, this option is valid only if CONFIG_DEVPTS_MULTIPLE_INSTANCES is enabled in the kernel configuration.

Mount options for fat

(Note: fat is not a separate filesystem, but a common part of the msdos, umsdos and vfat filesystems.)

blocksize={512|1024|2048}

Set blocksize (default 512). This option is obsolete.

uid=value and gid=value

Set the owner and group of all files. (Default: the UID and GID of the current process.)

umask=value

Set the umask (the bitmask of the permissions that are not present). The default is the umask of the current process. The value is given in octal.

dmask=value

Set the umask applied to directories only. The default is the umask of the current process. The value is given in octal.

fmask=value

Set the umask applied to regular files only. The default is the umask of the current process. The value is given in octal.

allow_utime=value

This option controls the permission check of mtime/atime.

20

If current process is in group of file’s group ID, you can change timestamp.

2

Other users can change timestamp.

The default is set from 'dmask' option. (If the directory is writable, utime(2) is also allowed. I.e. ~dmask & 022)

Normally utime(2) checks that the current process is owner of the file, or that it has the CAP_FOWNER capability. But FAT filesystems don’t have UID/GID on disk, so the normal check is too inflexible. With this option you can relax it.

check=value

Three different levels of pickiness can be chosen:

r[elaxed]

Upper and lower case are accepted and equivalent, long name parts are truncated (e.g. verylongname.foobar becomes verylong.foo), leading and embedded spaces are accepted in each name part (name and extension).

n[ormal]

Like "relaxed", but many special characters (*, ?, <, spaces, etc.) are rejected. This is the default.

s[trict]

Like "normal", but names that contain long parts or special characters that are sometimes used on Linux but are not accepted by MS-DOS (+, =, etc.) are rejected.

codepage=value

Sets the codepage for converting to shortname characters on FAT and VFAT filesystems. By default, codepage 437 is used.

conv=mode

This option is obsolete and may fail or be ignored.

cvf_format=module

Forces the driver to use the CVF (Compressed Volume File) module cvf__module_ instead of auto-detection. If the kernel supports kmod, the cvf_format=xxx option also controls on-demand CVF module loading. This option is obsolete.

cvf_option=option

Option passed to the CVF module. This option is obsolete.

debug

Turn on the debug flag. A version string and a list of filesystem parameters will be printed (these data are also printed if the parameters appear to be inconsistent).

discard

If set, causes discard/TRIM commands to be issued to the block device when blocks are freed. This is useful for SSD devices and sparse/thinly-provisioned LUNs.

dos1xfloppy

If set, use a fallback default BIOS Parameter Block configuration, determined by backing device size. These static parameters match defaults assumed by DOS 1.x for 160 kiB, 180 kiB, 320 kiB, and 360 kiB floppies and floppy images.

errors={panic|continue|remount-ro}

Specify FAT behavior on critical errors: panic, continue without doing anything, or remount the partition in read-only mode (default behavior).

fat={12|16|32}

Specify a 12, 16 or 32 bit fat. This overrides the automatic FAT type detection routine. Use with caution!

iocharset=value

Character set to use for converting between 8 bit characters and 16 bit Unicode characters. The default is iso8859-1. Long filenames are stored on disk in Unicode format.

nfs={stale_rw|nostale_ro}

Enable this only if you want to export the FAT filesystem over NFS.

stale_rw: This option maintains an index (cache) of directory inodes which is used by the nfs-related code to improve look-ups. Full file operations (read/write) over NFS are supported but with cache eviction at NFS server, this could result in spurious ESTALE errors.

nostale_ro: This option bases the inode number and file handle on the on-disk location of a file in the FAT directory entry. This ensures that ESTALE will not be returned after a file is evicted from the inode cache. However, it means that operations such as rename, create and unlink could cause file handles that previously pointed at one file to point at a different file, potentially causing data corruption. For this reason, this option also mounts the filesystem readonly.

To maintain backward compatibility, -o nfs is also accepted, defaulting to stale_rw.

tz=UTC

This option disables the conversion of timestamps between local time (as used by Windows on FAT) and UTC (which Linux uses internally). This is particularly useful when mounting devices (like digital cameras) that are set to UTC in order to avoid the pitfalls of local time.

time_offset=minutes

Set offset for conversion of timestamps from local time used by FAT to UTC. I.e., minutes will be subtracted from each timestamp to convert it to UTC used internally by Linux. This is useful when the time zone set in the kernel via settimeofday(2) is not the time zone used by the filesystem. Note that this option still does not provide correct time stamps in all cases in presence of DST - time stamps in a different DST setting will be off by one hour.

quiet

Turn on the quiet flag. Attempts to chown or chmod files do not return errors, although they fail. Use with caution!

rodir

FAT has the ATTR_RO (read-only) attribute. On Windows, the ATTR_RO of the directory will just be ignored, and is used only by applications as a flag (e.g. it’s set for the customized folder).

If you want to use ATTR_RO as read-only flag even for the directory, set this option.

showexec

If set, the execute permission bits of the file will be allowed only if the extension part of the name is .EXE, .COM, or .BAT. Not set by default.

sys_immutable

If set, ATTR_SYS attribute on FAT is handled as IMMUTABLE flag on Linux. Not set by default.

flush

If set, the filesystem will try to flush to disk more early than normal. Not set by default.

usefree

Use the "free clusters" value stored on FSINFO. It’ll be used to determine number of free clusters without scanning disk. But it’s not used by default, because recent Windows don’t update it correctly in some case. If you are sure the "free clusters" on FSINFO is correct, by this option you can avoid scanning disk.

dots, nodots, dotsOK=[yes|no]

Various misguided attempts to force Unix or DOS conventions onto a FAT filesystem.

Mount options for hfs

creator=cccc, type=cccc

Set the creator/type values as shown by the MacOS finder used for creating new files. Default values: '????'.

uid=n, gid=n

Set the owner and group of all files. (Default: the UID and GID of the current process.)

dir_umask=n, file_umask=n, umask=n

Set the umask used for all directories, all regular files, or all files and directories. Defaults to the umask of the current process.

session=n

Select the CDROM session to mount. Defaults to leaving that decision to the CDROM driver. This option will fail with anything but a CDROM as underlying device.

part=n

Select partition number n from the device. Only makes sense for CDROMs. Defaults to not parsing the partition table at all.

quiet

Don’t complain about invalid mount options.

Mount options for hpfs

uid=value and gid=value

Set the owner and group of all files. (Default: the UID and GID of the current process.)

umask=value

Set the umask (the bitmask of the permissions that are not present). The default is the umask of the current process. The value is given in octal.

case={lower|asis}

Convert all files names to lower case, or leave them. (Default: case=lower.)

conv=mode

This option is obsolete and may fail or being ignored.

nocheck

Do not abort mounting when certain consistency checks fail.

Mount options for iso9660

ISO 9660 is a standard describing a filesystem structure to be used on CD-ROMs. (This filesystem type is also seen on some DVDs. See also the udf filesystem.)

Normal iso9660 filenames appear in an 8.3 format (i.e., DOS-like restrictions on filename length), and in addition all characters are in upper case. Also there is no field for file ownership, protection, number of links, provision for block/character devices, etc.

Rock Ridge is an extension to iso9660 that provides all of these UNIX-like features. Basically there are extensions to each directory record that supply all of the additional information, and when Rock Ridge is in use, the filesystem is indistinguishable from a normal UNIX filesystem (except that it is read-only, of course).

norock

Disable the use of Rock Ridge extensions, even if available. Cf. map.

nojoliet

Disable the use of Microsoft Joliet extensions, even if available. Cf. map.

check={r[elaxed]|s[trict]}

With check=relaxed, a filename is first converted to lower case before doing the lookup. This is probably only meaningful together with norock and map=normal. (Default: check=strict.)

uid=value and gid=value

Give all files in the filesystem the indicated user or group id, possibly overriding the information found in the Rock Ridge extensions. (Default: uid=0,gid=0.)

map={n[ormal]|o[ff]|a[corn]}

For non-Rock Ridge volumes, normal name translation maps upper to lower case ASCII, drops a trailing ';1', and converts ';' to '.'. With map=off no name translation is done. See norock. (Default: map=normal.) map=acorn is like map=normal but also apply Acorn extensions if present.

mode=value

For non-Rock Ridge volumes, give all files the indicated mode. (Default: read and execute permission for everybody.) Octal mode values require a leading 0.

unhide

Also show hidden and associated files. (If the ordinary files and the associated or hidden files have the same filenames, this may make the ordinary files inaccessible.)

block={512|1024|2048}

Set the block size to the indicated value. (Default: block=1024.)

conv=mode

This option is obsolete and may fail or being ignored.

cruft

If the high byte of the file length contains other garbage, set this mount option to ignore the high order bits of the file length. This implies that a file cannot be larger than 16 MB.

session=x

Select number of session on a multisession CD.

sbsector=xxx

Session begins from sector xxx.

The following options are the same as for vfat and specifying them only makes sense when using discs encoded using Microsoft’s Joliet extensions.

iocharset=value

Character set to use for converting 16 bit Unicode characters on CD to 8 bit characters. The default is iso8859-1.

utf8

Convert 16 bit Unicode characters on CD to UTF-8.

Mount options for jfs

iocharset=name

Character set to use for converting from Unicode to ASCII. The default is to do no conversion. Use iocharset=utf8 for UTF8 translations. This requires CONFIG_NLS_UTF8 to be set in the kernel .config file.

resize=value

Resize the volume to value blocks. JFS only supports growing a volume, not shrinking it. This option is only valid during a remount, when the volume is mounted read-write. The resize keyword with no value will grow the volume to the full size of the partition.

nointegrity

Do not write to the journal. The primary use of this option is to allow for higher performance when restoring a volume from backup media. The integrity of the volume is not guaranteed if the system abnormally ends.

integrity

Default. Commit metadata changes to the journal. Use this option to remount a volume where the nointegrity option was previously specified in order to restore normal behavior.

errors={continue|remount-ro|panic}

Define the behavior when an error is encountered. (Either ignore errors and just mark the filesystem erroneous and continue, or remount the filesystem read-only, or panic and halt the system.)

noquota|quota|usrquota|grpquota

These options are accepted but ignored.

Mount options for msdos

See mount options for fat. If the msdos filesystem detects an inconsistency, it reports an error and sets the file system read-only. The filesystem can be made writable again by remounting it.

Mount options for ncpfs

Just like nfs, the ncpfs implementation expects a binary argument (a struct ncp_mount_data) to the mount system call. This argument is constructed by ncpmount(8) and the current version of mount (2.12) does not know anything about ncpfs.

Mount options for ntfs

iocharset=name

Character set to use when returning file names. Unlike VFAT, NTFS suppresses names that contain nonconvertible characters. Deprecated.

nls=name

New name for the option earlier called iocharset.

utf8

Use UTF-8 for converting file names.

uni_xlate={0|1|2}

For 0 (or 'no' or 'false'), do not use escape sequences for unknown Unicode characters. For 1 (or 'yes' or 'true') or 2, use vfat-style 4-byte escape sequences starting with ":". Here 2 gives a little-endian encoding and 1 a byteswapped bigendian encoding.

posix=[0|1]

If enabled (posix=1), the filesystem distinguishes between upper and lower case. The 8.3 alias names are presented as hard links instead of being suppressed. This option is obsolete.

uid=value, gid=value and umask=value

Set the file permission on the filesystem. The umask value is given in octal. By default, the files are owned by root and not readable by somebody else.

Mount options for overlay

Since Linux 3.18 the overlay pseudo filesystem implements a union mount for other filesystems.

An overlay filesystem combines two filesystems - an upper filesystem and a lower filesystem. When a name exists in both filesystems, the object in the upper filesystem is visible while the object in the lower filesystem is either hidden or, in the case of directories, merged with the upper object.

The lower filesystem can be any filesystem supported by Linux and does not need to be writable. The lower filesystem can even be another overlayfs. The upper filesystem will normally be writable and if it is it must support the creation of trusted.* extended attributes, and must provide a valid d_type in readdir responses, so NFS is not suitable.

A read-only overlay of two read-only filesystems may use any filesystem type. The options lowerdir and upperdir are combined into a merged directory by using:

mount -t overlay  overlay  \

-olowerdir=/lower,upperdir=/upper,workdir=/work /merged

lowerdir=directory

Any filesystem, does not need to be on a writable filesystem.

upperdir=directory

The upperdir is normally on a writable filesystem.

workdir=directory

The workdir needs to be an empty directory on the same filesystem as upperdir.

userxattr

Use the "user.overlay." xattr namespace instead of "trusted.overlay.". This is useful for unprivileged mounting of overlayfs.

redirect_dir={on|off|follow|nofollow}

If the redirect_dir feature is enabled, then the directory will be copied up (but not the contents). Then the "{trusted|user}.overlay.redirect" extended attribute is set to the path of the original location from the root of the overlay. Finally the directory is moved to the new location.

on

Redirects are enabled.

off

Redirects are not created and only followed if "redirect_always_follow" feature is enabled in the kernel/module config.

follow

Redirects are not created, but followed.

nofollow

Redirects are not created and not followed (equivalent to "redirect_dir=off" if "redirect_always_follow" feature is not enabled).

index={on|off}

Inode index. If this feature is disabled and a file with multiple hard links is copied up, then this will "break" the link. Changes will not be propagated to other names referring to the same inode.

uuid={on|off}

Can be used to replace UUID of the underlying filesystem in file handles with null, and effectively disable UUID checks. This can be useful in case the underlying disk is copied and the UUID of this copy is changed. This is only applicable if all lower/upper/work directories are on the same filesystem, otherwise it will fallback to normal behaviour.

nfs_export={on|off}

When the underlying filesystems supports NFS export and the "nfs_export" feature is enabled, an overlay filesystem may be exported to NFS.

With the “nfs_export” feature, on copy_up of any lower object, an index entry is created under the index directory. The index entry name is the hexadecimal representation of the copy up origin file handle. For a non-directory object, the index entry is a hard link to the upper inode. For a directory object, the index entry has an extended attribute "{trusted|user}.overlay.upper" with an encoded file handle of the upper directory inode.

When encoding a file handle from an overlay filesystem object, the following rules apply

•For a non-upper object, encode a lower file handle from lower inode

•For an indexed object, encode a lower file handle from copy_up origin

•For a pure-upper object and for an existing non-indexed upper object, encode an upper file handle from upper inode

The encoded overlay file handle includes

•Header including path type information (e.g. lower/upper)

•UUID of the underlying filesystem

•Underlying filesystem encoding of underlying inode

This encoding format is identical to the encoding format file handles that are stored in extended attribute "{trusted|user}.overlay.origin". When decoding an overlay file handle, the following steps are followed

•Find underlying layer by UUID and path type information.

•Decode the underlying filesystem file handle to underlying dentry.

•For a lower file handle, lookup the handle in index directory by name.

•If a whiteout is found in index, return ESTALE. This represents an overlay object that was deleted after its file handle was encoded.

•For a non-directory, instantiate a disconnected overlay dentry from the decoded underlying dentry, the path type and index inode, if found.

•For a directory, use the connected underlying decoded dentry, path type and index, to lookup a connected overlay dentry.

Decoding a non-directory file handle may return a disconnected dentry. copy_up of that disconnected dentry will create an upper index entry with no upper alias.

When overlay filesystem has multiple lower layers, a middle layer directory may have a "redirect" to lower directory. Because middle layer "redirects" are not indexed, a lower file handle that was encoded from the "redirect" origin directory, cannot be used to find the middle or upper layer directory. Similarly, a lower file handle that was encoded from a descendant of the "redirect" origin directory, cannot be used to reconstruct a connected overlay path. To mitigate the cases of directories that cannot be decoded from a lower file handle, these directories are copied up on encode and encoded as an upper file handle. On an overlay filesystem with no upper layer this mitigation cannot be used NFS export in this setup requires turning off redirect follow (e.g. "redirect_dir=nofollow").

The overlay filesystem does not support non-directory connectable file handles, so exporting with the subtree_check exportfs configuration will cause failures to lookup files over NFS.

When the NFS export feature is enabled, all directory index entries are verified on mount time to check that upper file handles are not stale. This verification may cause significant overhead in some cases.

Note: the mount options index=off,nfs_export=on are conflicting for a read-write mount and will result in an error.

xinfo={on|off|auto}

The "xino" feature composes a unique object identifier from the real object st_ino and an underlying fsid index. The "xino" feature uses the high inode number bits for fsid, because the underlying filesystems rarely use the high inode number bits. In case the underlying inode number does overflow into the high xino bits, overlay filesystem will fall back to the non xino behavior for that inode.

For a detailed description of the effect of this option please refer to <https://www.kernel.org/doc/html/latest/filesystems/overlayfs.html?highlight=overlayfs>

metacopy={on|off}

When metadata only copy up feature is enabled, overlayfs will only copy up metadata (as opposed to whole file), when a metadata specific operation like chown/chmod is performed. Full file will be copied up later when file is opened for WRITE operation.

In other words, this is delayed data copy up operation and data is copied up when there is a need to actually modify data.

volatile

Volatile mounts are not guaranteed to survive a crash. It is strongly recommended that volatile mounts are only used if data written to the overlay can be recreated without significant effort.

The advantage of mounting with the "volatile" option is that all forms of sync calls to the upper filesystem are omitted.

In order to avoid a giving a false sense of safety, the syncfs (and fsync) semantics of volatile mounts are slightly different than that of the rest of VFS. If any writeback error occurs on the upperdir’s filesystem after a volatile mount takes place, all sync functions will return an error. Once this condition is reached, the filesystem will not recover, and every subsequent sync call will return an error, even if the upperdir has not experience a new error since the last sync call.

When overlay is mounted with "volatile" option, the directory "$workdir/work/incompat/volatile" is created. During next mount, overlay checks for this directory and refuses to mount if present. This is a strong indicator that user should throw away upper and work directories and create fresh one. In very limited cases where the user knows that the system has not crashed and contents of upperdir are intact, The "volatile" directory can be removed.

Mount options for reiserfs

Reiserfs is a journaling filesystem.

conv

Instructs version 3.6 reiserfs software to mount a version 3.5 filesystem, using the 3.6 format for newly created objects. This filesystem will no longer be compatible with reiserfs 3.5 tools.

hash={rupasov|tea|r5|detect}

Choose which hash function reiserfs will use to find files within directories.

rupasov

A hash invented by Yury Yu. Rupasov. It is fast and preserves locality, mapping lexicographically close file names to close hash values. This option should not be used, as it causes a high probability of hash collisions.

tea

A Davis-Meyer function implemented by Jeremy Fitzhardinge. It uses hash permuting bits in the name. It gets high randomness and, therefore, low probability of hash collisions at some CPU cost. This may be used if EHASHCOLLISION errors are experienced with the r5 hash.

r5

A modified version of the rupasov hash. It is used by default and is the best choice unless the filesystem has huge directories and unusual file-name patterns.

detect

Instructs mount to detect which hash function is in use by examining the filesystem being mounted, and to write this information into the reiserfs superblock. This is only useful on the first mount of an old format filesystem.

hashed_relocation

Tunes the block allocator. This may provide performance improvements in some situations.

no_unhashed_relocation

Tunes the block allocator. This may provide performance improvements in some situations.

noborder

Disable the border allocator algorithm invented by Yury Yu. Rupasov. This may provide performance improvements in some situations.

nolog

Disable journaling. This will provide slight performance improvements in some situations at the cost of losing reiserfs’s fast recovery from crashes. Even with this option turned on, reiserfs still performs all journaling operations, save for actual writes into its journaling area. Implementation of nolog is a work in progress.

notail

By default, reiserfs stores small files and 'file tails' directly into its tree. This confuses some utilities such as lilo(8). This option is used to disable packing of files into the tree.

replayonly

Replay the transactions which are in the journal, but do not actually mount the filesystem. Mainly used by reiserfsck.

resize=number

A remount option which permits online expansion of reiserfs partitions. Instructs reiserfs to assume that the device has number blocks. This option is designed for use with devices which are under logical volume management (LVM). There is a special resizer utility which can be obtained from <ftp://ftp.namesys.com/pub/reiserfsprogs>.

user_xattr

Enable Extended User Attributes. See the attr(1) manual page.

acl

Enable POSIX Access Control Lists. See the acl(5) manual page.

barrier=none / barrier=flush

This disables / enables the use of write barriers in the journaling code. barrier=none disables, barrier=flush enables (default). This also requires an IO stack which can support barriers, and if reiserfs gets an error on a barrier write, it will disable barriers again with a warning. Write barriers enforce proper on-disk ordering of journal commits, making volatile disk write caches safe to use, at some performance penalty. If your disks are battery-backed in one way or another, disabling barriers may safely improve performance.

Mount options for ubifs

UBIFS is a flash filesystem which works on top of UBI volumes. Note that atime is not supported and is always turned off.

The device name may be specified as

ubiX_Y

UBI device number X, volume number Y

ubiY

UBI device number 0, volume number Y

ubiX:NAME

UBI device number X, volume with name NAME

ubi:NAME

UBI device number 0, volume with name NAME

Alternative ! separator may be used instead of :.

The following mount options are available:

bulk_read

Enable bulk-read. VFS read-ahead is disabled because it slows down the filesystem. Bulk-Read is an internal optimization. Some flashes may read faster if the data are read at one go, rather than at several read requests. For example, OneNAND can do "read-while-load" if it reads more than one NAND page.

no_bulk_read

Do not bulk-read. This is the default.

chk_data_crc

Check data CRC-32 checksums. This is the default.

no_chk_data_crc

Do not check data CRC-32 checksums. With this option, the filesystem does not check CRC-32 checksum for data, but it does check it for the internal indexing information. This option only affects reading, not writing. CRC-32 is always calculated when writing the data.

compr={none|lzo|zlib}

Select the default compressor which is used when new files are written. It is still possible to read compressed files if mounted with the none option.

Mount options for udf

UDF is the "Universal Disk Format" filesystem defined by OSTA, the Optical Storage Technology Association, and is often used for DVD-ROM, frequently in the form of a hybrid UDF/ISO-9660 filesystem. It is, however, perfectly usable by itself on disk drives, flash drives and other block devices. See also iso9660.

uid=

Make all files in the filesystem belong to the given user. uid=forget can be specified independently of (or usually in addition to) uid=<user> and results in UDF not storing uids to the media. In fact the recorded uid is the 32-bit overflow uid -1 as defined by the UDF standard. The value is given as either <user> which is a valid user name or the corresponding decimal user id, or the special string "forget".

gid=

Make all files in the filesystem belong to the given group. gid=forget can be specified independently of (or usually in addition to) gid=<group> and results in UDF not storing gids to the media. In fact the recorded gid is the 32-bit overflow gid -1 as defined by the UDF standard. The value is given as either <group> which is a valid group name or the corresponding decimal group id, or the special string "forget".

umask=

Mask out the given permissions from all inodes read from the filesystem. The value is given in octal.

mode=

If mode= is set the permissions of all non-directory inodes read from the filesystem will be set to the given mode. The value is given in octal.

dmode=

If dmode= is set the permissions of all directory inodes read from the filesystem will be set to the given dmode. The value is given in octal.

bs=

Set the block size. Default value prior to kernel version 2.6.30 was 2048. Since 2.6.30 and prior to 4.11 it was logical device block size with fallback to 2048. Since 4.11 it is logical block size with fallback to any valid block size between logical device block size and 4096.

For other details see the mkudffs(8) 2.0+ manpage, sections COMPATIBILITY and BLOCK SIZE.

unhide

Show otherwise hidden files.

undelete

Show deleted files in lists.

adinicb

Embed data in the inode. (default)

noadinicb

Don’t embed data in the inode.

shortad

Use short UDF address descriptors.

longad

Use long UDF address descriptors. (default)

nostrict

Unset strict conformance.

iocharset=

Set the NLS character set. This requires kernel compiled with CONFIG_UDF_NLS option.

utf8

Set the UTF-8 character set.

Mount options for debugging and disaster recovery

novrs

Ignore the Volume Recognition Sequence and attempt to mount anyway.

session=

Select the session number for multi-session recorded optical media. (default= last session)

anchor=

Override standard anchor location. (default= 256)

lastblock=

Set the last block of the filesystem.

Unused historical mount options that may be encountered and should be removed

uid=ignore

Ignored, use uid=<user> instead.

gid=ignore

Ignored, use gid=<group> instead.

volume=

Unimplemented and ignored.

partition=

Unimplemented and ignored.

fileset=

Unimplemented and ignored.

rootdir=

Unimplemented and ignored.

Mount options for ufs

ufstype=value

UFS is a filesystem widely used in different operating systems. The problem are differences among implementations. Features of some implementations are undocumented, so its hard to recognize the type of ufs automatically. That’s why the user must specify the type of ufs by mount option. Possible values are:

old

Old format of ufs, this is the default, read only. (Don’t forget to give the -r option.)

44bsd

For filesystems created by a BSD-like system (NetBSD, FreeBSD, OpenBSD).

ufs2

Used in FreeBSD 5.x supported as read-write.

5xbsd

Synonym for ufs2.

sun

For filesystems created by SunOS or Solaris on Sparc.

sunx86

For filesystems created by Solaris on x86.

hp

For filesystems created by HP-UX, read-only.

nextstep

For filesystems created by NeXTStep (on NeXT station) (currently read only).

nextstep-cd

For NextStep CDROMs (block_size == 2048), read-only.

openstep

For filesystems created by OpenStep (currently read only). The same filesystem type is also used by Mac OS X.

onerror=value

Set behavior on error:

panic

If an error is encountered, cause a kernel panic.

[lock|umount|repair]

These mount options don’t do anything at present; when an error is encountered only a console message is printed.

Mount options for umsdos

See mount options for msdos. The dotsOK option is explicitly killed by umsdos.

Mount options for vfat

First of all, the mount options for fat are recognized. The dotsOK option is explicitly killed by vfat. Furthermore, there are

uni_xlate

Translate unhandled Unicode characters to special escaped sequences. This lets you backup and restore filenames that are created with any Unicode characters. Without this option, a '?' is used when no translation is possible. The escape character is ':' because it is otherwise invalid on the vfat filesystem. The escape sequence that gets used, where u is the Unicode character, is: ':', (u & 0x3f), ((u>>6) & 0x3f), (u>>12).

posix

Allow two files with names that only differ in case. This option is obsolete.

nonumtail

First try to make a short name without sequence number, before trying name~num.ext.

utf8

UTF8 is the filesystem safe 8-bit encoding of Unicode that is used by the console. It can be enabled for the filesystem with this option or disabled with utf8=0, utf8=no or utf8=false. If uni_xlate gets set, UTF8 gets disabled.

shortname=mode

Defines the behavior for creation and display of filenames which fit into 8.3 characters. If a long name for a file exists, it will always be the preferred one for display. There are four modes:

lower

Force the short name to lower case upon display; store a long name when the short name is not all upper case.

win95

Force the short name to upper case upon display; store a long name when the short name is not all upper case.

winnt

Display the short name as is; store a long name when the short name is not all lower case or all upper case.

mixed

Display the short name as is; store a long name when the short name is not all upper case. This mode is the default since Linux 2.6.32.

Mount options for usbfs

devuid=uid and devgid=gid and devmode=mode

Set the owner and group and mode of the device files in the usbfs filesystem (default: uid=gid=0, mode=0644). The mode is given in octal.

busuid=uid and busgid=gid and busmode=mode

Set the owner and group and mode of the bus directories in the usbfs filesystem (default: uid=gid=0, mode=0555). The mode is given in octal.

listuid=uid and listgid=gid and listmode=mode

Set the owner and group and mode of the file devices (default: uid=gid=0, mode=0444). The mode is given in octal.

DM-VERITY SUPPORT (EXPERIMENTAL)

The device-mapper verity target provides read-only transparent integrity checking of block devices using kernel crypto API. The mount command can open the dm-verity device and do the integrity verification before on the device filesystem is mounted. Requires libcryptsetup with in libmount (optionally via dlopen(3)). If libcryptsetup supports extracting the root hash of an already mounted device, existing devices will be automatically reused in case of a match. Mount options for dm-verity:

verity.hashdevice=path

Path to the hash tree device associated with the source volume to pass to dm-verity.

verity.roothash=hex

Hex-encoded hash of the root of verity.hashdevice. Mutually exclusive with verity.roothashfile.

verity.roothashfile=path

Path to file containing the hex-encoded hash of the root of verity.hashdevice. Mutually exclusive with verity.roothash.

verity.hashoffset=offset

If the hash tree device is embedded in the source volume, offset (default: 0) is used by dm-verity to get to the tree.

verity.fecdevice=path

Path to the Forward Error Correction (FEC) device associated with the source volume to pass to dm-verity. Optional. Requires kernel built with CONFIG_DM_VERITY_FEC.

verity.fecoffset=offset

If the FEC device is embedded in the source volume, offset (default: 0) is used by dm-verity to get to the FEC area. Optional.

verity.fecroots=value

Parity bytes for FEC (default: 2). Optional.

verity.roothashsig=path

Path to pkcs7(1ssl) signature of root hash hex string. Requires crypt_activate_by_signed_key() from cryptsetup and kernel built with CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG. For device reuse, signatures have to be either used by all mounts of a device or by none. Optional.

Supported since util-linux v2.35.

For example commands:

mksquashfs /etc /tmp/etc.squashfs
dd if=/dev/zero of=/tmp/etc.hash bs=1M count=10
veritysetup format /tmp/etc.squashfs /tmp/etc.hash
openssl smime -sign -in <hash> -nocerts -inkey private.key \
-signer private.crt -noattr -binary -outform der -out /tmp/etc.roothash.p7s
mount -o verity.hashdevice=/tmp/etc.hash,verity.roothash=<hash>,\
verity.roothashsig=/tmp/etc.roothash.p7s /tmp/etc.squashfs /mnt

create squashfs image from /etc directory, verity hash device and mount verified filesystem image to /mnt. The kernel will verify that the root hash is signed by a key from the kernel keyring if roothashsig is used.

LOOP-DEVICE SUPPORT

One further possible type is a mount via the loop device. For example, the command

mount /tmp/disk.img /mnt -t vfat -o loop=/dev/loop3

will set up the loop device /dev/loop3 to correspond to the file /tmp/disk.img, and then mount this device on /mnt.

If no explicit loop device is mentioned (but just an option '-o loop' is given), then mount will try to find some unused loop device and use that, for example

mount /tmp/disk.img /mnt -o loop

The mount command automatically creates a loop device from a regular file if a filesystem type is not specified or the filesystem is known for libblkid, for example:

mount /tmp/disk.img /mnt

mount -t ext4 /tmp/disk.img /mnt

This type of mount knows about three options, namely loop, offset and sizelimit, that are really options to losetup(8). (These options can be used in addition to those specific to the filesystem type.)

Since Linux 2.6.25 auto-destruction of loop devices is supported, meaning that any loop device allocated by mount will be freed by umount independently of /etc/mtab.

You can also free a loop device by hand, using losetup -d or umount -d.

Since util-linux v2.29, mount re-uses the loop device rather than initializing a new device if the same backing file is already used for some loop device with the same offset and sizelimit. This is necessary to avoid a filesystem corruption.

EXIT STATUS

mount has the following exit status values (the bits can be ORed):

0

success

1

incorrect invocation or permissions

2

system error (out of memory, cannot fork, no more loop devices)

4

internal mount bug

8

user interrupt

16

problems writing or locking /etc/mtab

32

mount failure

64

some mount succeeded

The command mount -a returns 0 (all succeeded), 32 (all failed), or 64 (some failed, some succeeded).

EXTERNAL HELPERS

The syntax of external mount helpers is:

/sbin/mount.suffix spec dir [-sfnv] [-N namespace] [-o options] [-t type.subtype]

where the suffix is the filesystem type and the -sfnvoN options have the same meaning as the normal mount options. The -t option is used for filesystems with subtypes support (for example /sbin/mount.fuse -t fuse.sshfs).

The command mount does not pass the mount options unbindable, runbindable, private, rprivate, slave, rslave, shared, rshared, auto, noauto, comment, x-*, loop, offset and sizelimit to the mount.<suffix> helpers. All other options are used in a comma-separated list as an argument to the -o option.

ENVIRONMENT

LIBMOUNT_FSTAB=<path>

overrides the default location of the fstab file (ignored for suid)

LIBMOUNT_MTAB=<path>

overrides the default location of the mtab file (ignored for suid)

LIBMOUNT_DEBUG=all

enables libmount debug output

LIBBLKID_DEBUG=all

enables libblkid debug output

LOOPDEV_DEBUG=all

enables loop device setup debug output

FILES

See also "The files /etc/fstab, /etc/mtab and /proc/mounts" section above.

/etc/fstab

filesystem table

/run/mount

libmount private runtime directory

/etc/mtab

table of mounted filesystems or symlink to /proc/mounts

/etc/mtab~

lock file (unused on systems with mtab symlink)

/etc/mtab.tmp

temporary file (unused on systems with mtab symlink)

/etc/filesystems

a list of filesystem types to try

HISTORY

A mount command existed in Version 5 AT&T UNIX.

BUGS

It is possible for a corrupted filesystem to cause a crash.

Some Linux filesystems don’t support -o sync and -o dirsync (the ext2, ext3, ext4, fat and vfat filesystems do support synchronous updates (a la BSD) when mounted with the sync option).

The -o remount may not be able to change mount parameters (all ext2fs-specific parameters, except sb, are changeable with a remount, for example, but you can’t change gid or umask for the fatfs).

It is possible that the files /etc/mtab and /proc/mounts don’t match on systems with a regular mtab file. The first file is based only on the mount command options, but the content of the second file also depends on the kernel and others settings (e.g. on a remote NFS server — in certain cases the mount command may report unreliable information about an NFS mount point and the /proc/mount file usually contains more reliable information.) This is another reason to replace the mtab file with a symlink to the /proc/mounts file.

Checking files on NFS filesystems referenced by file descriptors (i.e. the fcntl and ioctl families of functions) may lead to inconsistent results due to the lack of a consistency check in the kernel even if the noac mount option is used.

The loop option with the offset or sizelimit options used may fail when using older kernels if the mount command can’t confirm that the size of the block device has been configured as requested. This situation can be worked around by using the losetup(8) command manually before calling mount with the configured loop device.

AUTHORS

Karel Zak <kzak@redhat.com>

SEE ALSO

mount(2), umount(2), filesystems(5), fstab(5), nfs(5), xfs(5), mount_namespaces(7), xattr(7), e2label(8), findmnt(8), losetup(8), lsblk(8), mke2fs(8), mountd(8), nfsd(8), swapon(8), tune2fs(8), umount(8), xfs_admin(8)

REPORTING BUGS

For bug reports, use the issue tracker at <https://github.com/karelzak/util-linux/issues>.

AVAILABILITY

The mount command is part of the util-linux package which can be downloaded from Linux Kernel Archive <https://www.kernel.org/pub/linux/utils/util-linux/>.

2022-02-14 util-linux 2.37.4