NAME
pmount - mount arbitrary hotpluggable devices as normal user
SYNOPSIS
pmount [ options ] device
pmount [ options ] device label
pmount --lock [ options ] device pid
pmount --unlock [ options ] device pid
pmount
DESCRIPTION
pmount ("policy mount") is a wrapper around the standard mount program
which permits normal users to mount removable devices without a
matching /etc/fstab entry.
pmount also supports encrypted devices which use dm-crypt and have LUKS
metadata. If a LUKS-capable cryptsetup is installed, pmount will use it
to decrypt the device first and mount the mapped unencrypted device
instead.
pmount is invoked like this:
pmount device [ label ]
This will mount device to a directory below /media if policy is met
(see below). If label is given, the mount point will be /media/label,
otherwise it will be /media/device.
The device will be mounted with the following flags:
async,atime,nodev,noexec,noauto,nosuid,user,rw
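Of these flags, nodev, nosuid and noexec keep a foreign filesystem from supplying usable device nodes, setuid binaries or directly executable files. The following is an added example, not part of pmount: a POSIX shell function that reads lines in /proc/mounts format and reports mounts below /media that lack any of those three flags, as happens after mounting with the exec option. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of pmount.
# Reads /proc/mounts-format lines on stdin:
#   device mountpoint fstype options dump pass
# and prints one line per mount below /media that lacks nodev, nosuid or noexec.
audit_media_mounts() {
    while read -r dev mnt fstype opts _rest; do
        case $mnt in
            /media/*) ;;
            *) continue ;;
        esac
        missing=
        for flag in nodev nosuid noexec; do
            # Wrap the option list in commas so only whole options match.
            case ",$opts," in
                *",$flag,"*) ;;
                *) missing="${missing:+$missing,}$flag" ;;
            esac
        done
        if [ -n "$missing" ]; then
            printf '%s %s (%s) missing=%s\n' "$dev" "$mnt" "$fstype" "$missing"
        fi
    done
}

# Constructed sample input (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /media/sdb1 vfat rw,nosuid,nodev,noexec,relatime,uid=1000 0 0
/dev/sdc1 /media/stick vfat rw,nosuid,nodev,relatime,uid=1000 0 0
/dev/sr0 /media/cdrom iso9660 ro,relatime 0 0
EOF
}

# Demo on the constructed sample; on a live system run:
#   audit_media_mounts < /proc/mounts
sample_mounts | audit_media_mounts
```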
Some applications like CD burners modify a raw device which must not be
mounted while the burning process is in progress. To prevent automatic
mounting, pmount offers a locking mechanism: pmount --lock device pid
will prevent the pmounting of device until it is unlocked again using
pmount --unlock device pid. The process id pid assigns the lock to a
particular process; this allows several processes to lock a device.
During mount, the list of locks is cleaned, i.e. all locks whose
associated process does not exist any more are removed. This prevents
forgotten indefinite locks from crashed programs.
Running pmount without arguments prints the list of mounted removable
devices, a bit in the fashion of mount (1).
Please note that you can use labels and UUIDs as described in fstab (5)
for devices present in /etc/fstab. In this case, the device name needs
to match the corresponding entry in /etc/fstab exactly, including the
LABEL= or UUID= part.
Important note for Debian: The permission to execute pmount is
restricted to members of the system group plugdev. Please add all
desktop users who shall be able to use pmount to this group by
executing
adduser user plugdev
(as root).
POLICY
The mount will succeed if all of the following conditions are met:
· device is a block device in /dev/
· device is not in /etc/fstab (if it is, pmount executes mount device
as the calling user to handle this transparently). See below for more
details.
· device is not already mounted according to /etc/mtab and /proc/mounts
· if the mount point already exists, there is no device already mounted
at it and the directory is empty
· device is removable (USB, FireWire, or MMC device, or
/sys/block/drive/removable is 1) or whitelisted in /etc/pmount.allow.
· device is not locked
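An administrator reviewing /etc/pmount.allow can approximate the "removable or whitelisted" condition above before deploying an allow list. This is an added example, not pmount's own code: the function names, their arguments, the temporary fixture and the skipping of blank and '#' lines are assumptions, and the USB/FireWire/MMC bus test is not reproduced.

```shell
#!/bin/sh
# Added example, not pmount's code.
# Usage: device_permitted DEVICE DRIVE [SYSFS_ROOT] [ALLOW_FILE]
#   DEVICE  e.g. /dev/sdb1      DRIVE  e.g. sdb (the entry below /sys/block)
# Prints the reason and returns 0 if permitted, prints "denied" and returns 1.
device_permitted() {
    dev=$1 drive=$2 sysfs=${3:-/sys} allow=${4:-/etc/pmount.allow}

    # Condition: /sys/block/<drive>/removable is 1.
    if [ "$(cat "$sysfs/block/$drive/removable" 2>/dev/null)" = 1 ]; then
        echo removable
        return 0
    fi

    # Condition: device matches an allow-list entry (globs permitted).
    # Skipping blank and '#' lines is an assumption of this example.
    if [ -r "$allow" ]; then
        while IFS= read -r pattern; do
            case $pattern in ''|'#'*) continue ;; esac
            case $dev in
                $pattern) printf 'whitelisted:%s\n' "$pattern"; return 0 ;;
            esac
        done < "$allow"
    fi
    echo denied
    return 1
}

# Constructed fixture: a fake sysfs tree and allow list in a temp directory.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/sys/block/sda" "$root/sys/block/sdb"
    echo 0 > "$root/sys/block/sda/removable"   # fixed disk
    echo 1 > "$root/sys/block/sdb/removable"   # removable drive
    printf '%s\n' '# constructed allow list' '/dev/sda[123]' > "$root/pmount.allow"
    echo "$root"
}

# Demo on the constructed fixture.
fx=$(make_fixture)
device_permitted /dev/sdb1 sdb "$fx/sys" "$fx/pmount.allow" || true
device_permitted /dev/sda2 sda "$fx/sys" "$fx/pmount.allow" || true
device_permitted /dev/sda5 sda "$fx/sys" "$fx/pmount.allow" || true
rm -rf "$fx"
```

Shell case patterns let * match '/', so this check can be more permissive than pathname globbing; treat a "whitelisted" verdict for a broad pattern as a prompt to tighten the entry.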
OPTIONS
-r, --read-only
Force the device to be mounted read only. If neither -r nor -w
is specified, the kernel will choose an appropriate default.
-w, --read-write
Force the device to be mounted read/write. If neither -r nor -w
is specified, the kernel will choose an appropriate default.
-s, --sync
Mount the device with the sync option, i.e. without write
caching. Default is async (write-back). With this option, write
operations are much slower and due to the massive increase of
updates of inode/FAT structures, flash devices may suffer
heavily if you write large files. This option is intended to
make it safe to just rip out USB drives without proper
unmounting.
-A, --noatime
Mount the device with the noatime option. Default is atime.
-e, --exec
Mount the device with the exec option. Default is noexec.
-t filesystem, --type filesystem
Mount as specified file system type. The file system type is
automatically determined if this option is not given. See the
bottom of this page for a list of currently supported filesystems.
-c charset, --charset charset
Use given I/O character set (default: utf8 if called in a UTF-8
locale, otherwise mount default). This corresponds with the
mount option iocharset (or nls for NTFS). This option is ignored
for file systems that do not support setting the character set
(see mount (8) for details). Important note: pmount will now
mount VFAT filesystems with iocharset=iso8859-1 as
iocharset=utf8 currently makes the filesystem case-sensitive
(which is pretty bad...).
-u umask, --umask umask
Use specified umask instead of the default one. For UDF, the
default is ’000’, for VFAT and NTFS the default is ’077’. This
value is ignored for file systems which do not support setting
a umask. Note that you can use a value of 077 to forbid anyone
else to read/write the files, 027 to allow your group to read
the files and 022 to allow anyone to read the files (but only
you can write).
--dmask dmask
--fmask fmask
Some filesystems (essentially VFAT and HFS) support separate
umasks (see the -u option just above) for directories and files,
to avoid the annoying effect of having all files executable. For
these filesystems, you can specify the masks separately using
these options. By default, fmask is umask without all executable
permissions and dmask is umask. Most of the time, these
settings should just do what you want, so there should seldom be
any need to use the --fmask and --dmask options directly.
-p file, --passphrase file
If the device is encrypted (dm-crypt with LUKS metadata), read
the passphrase from specified file instead of prompting at the
terminal.
-h, --help
Print a help message and exit successfully.
-d, --debug
Enable verbose debug messages.
-V, --version
Print the current version number and exit successfully.
FILES
/etc/pmount.allow
List of devices (one device per line) which are additionally
permitted for pmounting. Globs, such as /dev/sda[123] are
permitted. See glob (7) for a more complete syntax.
SEE ALSO
pumount(1), mount(8)
SUPPORTED FILESYSTEMS
For now, pmount supports the following filesystems: udf, iso9660, vfat,
ntfs, hfsplus, hfs, ext3, ext2, ext4, reiserfs, reiser4, xfs, jfs and
omfs. They are tried sequentially in that exact order when the
filesystem is not specified.
Additionally, pmount supports the filesystem types ntfs-fuse and
ntfs-3g to mount NTFS volumes with ntfsmount (1) or ntfs-3g (1),
respectively. If the file /sbin/mount.ntfs-3g is found, then pmount will
mount NTFS filesystems with type ntfs-3g rather than plain ntfs. To
disable this behavior, just specify -t ntfs on the command line, as
this happens only for autodetection.
MORE ABOUT FSTAB
pmount now fully resolves all symlinks both in its input and in the
/etc/fstab file, which means that if /dev/cdrom is a symlink to
/dev/hdc and you try to mount /dev/hdc directly, pmount will delegate
this to mount(1). This is a feature, and it contrasts with the previous
unclear behavior of pmount regarding symlinks in /etc/fstab.
KNOWN ISSUES
Though we believe pmount is pretty much free from security problems,
there are quite a few glitches that probably will never be fixed.
· pmount needs to try mounting several times to get the filesystem
right in the end; it is vital that pmount knows precisely which
filesystem it is mounting, so that it can pass the right options and
not cause security holes. This is rather different from the behaviour
of mount with the -t auto option, which can look at the device it is
trying to mount and find out what its filesystem is. pmount will never
try to open a device and look at it to find out which filesystem it
is, as that might open quite a few security holes. Moreover, the order
in which the filesystems are tried is what we could call the order of
the most commonly used filesystems on removable media. This order is
unlikely to change as well. In particular, that means that when you
mount an ext3 filesystem using pmount, you might get a lot of
fs-related kernel error messages. Sorry!
NOTE: Starting from version 0.9.17, pmount uses the same mechanism as
mount (1) to autodetect the filesystem type, so this kind of problem
should not happen anymore.
AUTHOR
pmount was originally developed by Martin Pitt
<martin.pitt@canonical.com>. It is now maintained by Vincent Fourmond
<fourmond@debian.org>.