freebsd-skq/sbin/mount/mount.8
cperciva b11927ff86 Add verbiage to the description of the noexec mount option clarifying
that it really wasn't intended as a security feature.

Wording mostly by: simon
Discussed with:	secteam
2005-03-23 04:17:48 +00:00

492 lines
14 KiB
Groff

.\" Copyright (c) 1980, 1989, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)mount.8 8.8 (Berkeley) 6/16/94
.\" $FreeBSD$
.\"
.Dd November 26, 2004
.Dt MOUNT 8
.Os
.Sh NAME
.Nm mount
.Nd mount file systems
.Sh SYNOPSIS
.Nm
.Op Fl adfpruvw
.Op Fl F Ar fstab
.Op Fl o Ar options
.Op Fl t Ar ufs | external_type
.Nm
.Op Fl dfpruvw
.Ar special | node
.Nm
.Op Fl dfpruvw
.Op Fl o Ar options
.Op Fl t Ar ufs | external_type
.Ar special node
.Sh DESCRIPTION
The
.Nm
utility calls the
.Xr mount 2
system call to prepare and graft a
.Ar "special device"
or the remote node (rhost:path) on to the file system tree at the point
.Ar node .
If either
.Ar special
or
.Ar node
are not provided, the appropriate information is taken from the
.Xr fstab 5
file.
.Pp
The system maintains a list of currently mounted file systems.
If no arguments are given to
.Nm ,
this list is printed.
.Pp
The options are as follows:
.Bl -tag -width indent
.It Fl a
All the file systems described in
.Xr fstab 5
are mounted.
Exceptions are those marked as
.Dq noauto ,
excluded by the
.Fl t
flag (see below), or if they are already mounted (except the
root file system which is always remounted to preserve
traditional single user mode behavior).
.It Fl d
Causes everything to be done except for the actual system call.
This option is useful in conjunction with the
.Fl v
flag to
determine what the
.Nm
command is trying to do.
.It Fl F Ar fstab
Specify the
.Pa fstab
file to use.
.It Fl f
Forces the revocation of write access when trying to downgrade
a file system mount status from read-write to read-only.
Also
forces the R/W mount of an unclean file system (dangerous; use with
caution).
.It Fl o
Options are specified with a
.Fl o
flag followed by a comma separated string of options.
In case of conflicting options being specified, the rightmost option
takes effect.
The following options are available:
.Bl -tag -width indent
.It Cm acls
Enable Access Control Lists, or ACLS, which can be customized via the
.Xr setfacl 1
and
.Xr getfacl 1
commands.
.It Cm async
All
.Tn I/O
to the file system should be done asynchronously.
This is a
.Em dangerous
flag to set,
and should not be used unless you are prepared to recreate the file
system should your system crash.
.It Cm current
When used with the
.Fl u
flag, this is the same as specifying the options currently in effect for
the mounted file system.
.It Cm force
The same as
.Fl f ;
forces the revocation of write access when trying to downgrade
a file system mount status from read-write to read-only.
Also
forces the R/W mount of an unclean file system (dangerous; use with caution).
.It Cm fstab
When used with the
.Fl u
flag, this is the same as specifying all the options listed in the
.Xr fstab 5
file for the file system.
.It Cm multilabel
Enable multi-label Mandatory Access Control, or MAC, on the specified file
system.
If the file system supports multilabel operation, individual labels will
be maintained for each object in the file system, rather than using a
single label for all objects.
An alternative to the
.Fl l
flag in
.Xr tunefs 8 .
See
.Xr mac 4
for more information, which cause the multilabel mount flag to be set
automatically at mount-time.
.It Cm noasync
Metadata I/O should be done synchronously, while data I/O should be done
asynchronously.
This is the default.
.It Cm noatime
Do not update the file access time when reading from a file.
This option
is useful on file systems where there are large numbers of files and
performance is more critical than updating the file access time (which is
rarely ever important).
This option is currently only supported on local file systems.
.It Cm noauto
This file system should be skipped when
.Nm
is run with the
.Fl a
flag.
.It Cm noclusterr
Disable read clustering.
.It Cm noclusterw
Disable write clustering.
.It Cm noexec
Do not allow execution of any binaries on the mounted file system.
This option is useful for a server that has file systems containing
binaries for architectures other than its own.
Note: This option was not designed as a security feature and no
guarantee is made that it will prevent malicious code execution; for
example, it is still possible to execute scripts which reside on a
.Cm noexec
mounted partition.
.It Cm nosuid
Do not allow set-user-identifier or set-group-identifier bits to take effect.
Note: this option is worthless if a public available suid or sgid
wrapper like
.Xr suidperl 1
is installed on your system.
It is set automatically when the user does not have super-user privileges.
.It Cm nosymfollow
Do not follow symlinks
on the mounted file system.
.It Cm ro
The same as
.Fl r ;
mount the file system read-only (even the super-user may not write it).
.It Cm sync
All
.Tn I/O
to the file system should be done synchronously.
.It Cm snapshot
This option allows a snapshot of the specified file system to be taken.
The
.Fl u
flag is required with this option.
Note that snapshot files must be created in the file system that is being
snapshotted.
You may create up to 20 snapshots per file system.
Active snapshots are recorded in the superblock, so they persist across unmount
and remount operations and across system reboots.
When you are done with a snapshot, it can be removed with the
.Xr rm 1
command.
Snapshots may be removed in any order, however you may not get back all the
space contained in the snapshot as another snapshot may claim some of the blocks
that it is releasing.
Note that the schg flag is set on snapshots to ensure that not even the root
user can write to them.
The unlink command makes an exception for snapshot files in that it allows them
to be removed even though they have the schg flag set, so it is not necessary to
clear the schg flag before removing a snapshot file.
.Pp
Once you have taken a snapshot, there are three interesting things that you can
do with it:
.Pp
.Bl -enum -compact
.It
Run
.Xr fsck 8
on the snapshot file.
Assuming that the file system was clean when it was mounted, you should always
get a clean (and unchanging) result from running fsck on the snapshot.
This is essentially what the background fsck process does.
.Pp
.It
Run
.Xr dump 8
on the snapshot.
You will get a dump that is consistent with the file system as of the timestamp
of the snapshot.
.Pp
.It
Mount the snapshot as a frozen image of the file system.
To mount the snapshot
.Pa /var/snapshot/snap1 :
.Bd -literal
mdconfig -a -t vnode -f /var/snapshot/snap1 -u 4
mount -r /dev/md4 /mnt
.Ed
.Pp
You can now cruise around your frozen
.Pa /var
file system at
.Pa /mnt .
Everything will be in the same state that it was at the time the snapshot was
taken.
The one exception is that any earlier snapshots will appear as zero length
files.
When you are done with the mounted snapshot:
.Bd -literal
umount /mnt
mdconfig -d -u 4
.Ed
.Pp
Further details can be found in the file at
.Pa /usr/src/sys/ufs/ffs/README.snapshot .
.El
.It Cm suiddir
A directory on the mounted file system will respond to the SUID bit
being set, by setting the owner of any new files to be the same
as the owner of the directory.
New directories will inherit the bit from their parents.
Execute bits are removed from
the file, and it will not be given to root.
.Pp
This feature is designed for use on fileservers serving PC users via
ftp, SAMBA, or netatalk.
It provides security holes for shell users and as
such should not be used on shell machines, especially on home directories.
This option requires the SUIDDIR
option in the kernel to work.
Only UFS file systems support this option.
See
.Xr chmod 2
for more information.
.It Cm update
The same as
.Fl u ;
indicate that the status of an already mounted file system should be changed.
.It Cm union
Causes the namespace at the mount point to appear as the union
of the mounted file system root and the existing directory.
Lookups will be done in the mounted file system first.
If those operations fail due to a non-existent file the underlying
directory is then accessed.
All creates are done in the mounted file system.
.El
.Pp
Any additional options specific to a file system type that is not
one of the internally known types (see the
.Fl t
option) may be passed as a comma separated list; these options are
distinguished by a leading
.Dq \&-
(dash).
Options that take a value are specified using the syntax -option=value.
For example, the
.Nm
command:
.Bd -literal -offset indent
mount -t unionfs -o -b /sys $HOME/sys
.Ed
.Pp
causes
.Nm
to execute the equivalent of:
.Bd -literal -offset indent
/sbin/mount_unionfs -b /sys $HOME/sys
.Ed
.Pp
Additional options specific to file system types
which are not internally known
(see the description of the
.Fl t
option below)
may be described in the manual pages for the associated
.Pa /sbin/mount_ Ns Sy XXX
utilities.
.It Fl p
Print mount information in
.Xr fstab 5
format.
Implies also the
.Fl v
option.
.It Fl r
The file system is to be mounted read-only.
Mount the file system read-only (even the super-user may not write it).
The same as the
.Cm ro
argument to the
.Fl o
option.
.It Fl t Ar ufs | external_type
The argument following the
.Fl t
is used to indicate the file system type.
The type
.Ar ufs
is the default.
The
.Fl t
option can be used
to indicate that the actions should only be taken on
file systems of the specified type.
More than one type may be specified in a comma separated list.
The list of file system types can be prefixed with
.Dq no
to specify the file system types for which action should
.Em not
be taken.
For example, the
.Nm
command:
.Bd -literal -offset indent
mount -a -t nonfs,nullfs
.Ed
.Pp
mounts all file systems except those of type
.Tn NFS
and
.Tn NULLFS .
.Pp
If the type is not one of the internally known types,
.Nm
will attempt to execute a program in
.Pa /sbin/mount_ Ns Sy XXX
where
.Sy XXX
is replaced by the type name.
For example, nfs file systems are mounted by the program
.Pa /sbin/mount_nfs .
.Pp
Most file systems will be dynamically loaded by the kernel
if not already present, and if the kernel module is available.
.It Fl u
The
.Fl u
flag indicates that the status of an already mounted file
system should be changed.
Any of the options discussed above (the
.Fl o
option)
may be changed;
also a file system can be changed from read-only to read-write
or vice versa.
An attempt to change from read-write to read-only will fail if any
files on the file system are currently open for writing unless the
.Fl f
flag is also specified.
The set of options is determined by applying the options specified
in the argument to
.Fl o
and finally applying the
.Fl r
or
.Fl w
option.
.It Fl v
Verbose mode.
.It Fl w
The file system object is to be read and write.
.El
.Sh ENVIRONMENT
.Bl -tag -width ".Ev PATH_FSTAB"
.It Ev PATH_FSTAB
If the environment variable
.Ev PATH_FSTAB
is set, all operations are performed against the specified file.
.Ev PATH_FSTAB
will not be honored if the process environment or memory address space is
considered
.Dq tainted .
(See
.Xr issetugid 2
for more information.)
.El
.Sh FILES
.Bl -tag -width /etc/fstab -compact
.It Pa /etc/fstab
file system table
.El
.Sh DIAGNOSTICS
Various, most of them are self-explanatory.
.Pp
.Dl XXXXX file system is not available
.Pp
The kernel does not support the respective file system type.
Note that
support for a particular file system might be provided either on a static
(kernel compile-time), or dynamic basis (loaded as a kernel module by
.Xr kldload 8 ) .
.Sh SEE ALSO
.Xr getfacl 1 ,
.Xr setfacl 1 ,
.Xr mount 2 ,
.Xr acl 3 ,
.Xr mac 4 ,
.Xr fstab 5 ,
.Xr kldload 8 ,
.Xr mount_cd9660 8 ,
.Xr mount_devfs 8 ,
.Xr mount_ext2fs 8 ,
.Xr mount_fdescfs 8 ,
.Xr mount_hpfs 8 ,
.Xr mount_linprocfs 8 ,
.Xr mount_msdosfs 8 ,
.Xr mount_nfs 8 ,
.Xr mount_ntfs 8 ,
.Xr mount_nullfs 8 ,
.Xr mount_nwfs 8 ,
.Xr mount_portalfs 8 ,
.Xr mount_procfs 8 ,
.Xr mount_smbfs 8 ,
.Xr mount_std 8 ,
.Xr mount_udf 8 ,
.Xr mount_umapfs 8 ,
.Xr mount_unionfs 8 ,
.Xr umount 8
.Sh CAVEATS
After a successful
.Nm ,
the permissions on the original mount point determine if
.Pa ..\&
is accessible from the mounted file system.
The minimum permissions for
the mount point for traversal across the mount point in both
directions to be possible for all users is 0111 (execute for all).
.Sh HISTORY
A
.Nm
utility appeared in
.At v1 .
.Sh BUGS
It is possible for a corrupted file system to cause a crash.