MOUNT(8) | System Administration | MOUNT(8) |
NAME¶
mount - mount a filesystem
SYNOPSIS¶
mount [-h|-V]
mount [-l] [-t fstype]
mount -a [-fFnrsvw] [-t fstype] [-O optlist]
mount [-fnrsvw] [-o options] device|mountpoint
mount [-fnrsvw] [-t fstype] [-o options] device mountpoint
mount --bind|--rbind|--move olddir newdir
mount --make-[shared|slave|private|unbindable|rshared|rslave|rprivate|runbindable] mountpoint
DESCRIPTION¶
All files accessible in a Unix system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices. The mount command serves to attach the filesystem found on some device to the big file tree. Conversely, the umount(8) command will detach it again. The filesystem is used to control how data is stored on the device or provided in a virtual way by network or other services.
The standard form of the mount command is:
mount -t type device dir
This tells the kernel to attach the filesystem found on device (which is of type type) at the directory dir. The option -t type is optional. The mount command is usually able to detect a filesystem. The root permissions are necessary to mount a filesystem by default. See section "Non-superuser mounts" below for more details. The previous contents (if any) and owner and mode of dir become invisible, and as long as this filesystem remains mounted, the pathname dir refers to the root of the filesystem on device.
If only the directory or the device is given, for example:
mount /dir
then mount looks for a mountpoint (and if not found then for a device) in the /etc/fstab file. It’s possible to use the --target or --source options to avoid ambiguous interpretation of the given argument. For example:
mount --target /mountpoint
The same filesystem may be mounted more than once, and in some cases (e.g., network filesystems) the same filesystem may be mounted on the same mountpoint multiple times. The mount command does not implement any policy to control this behavior. All behavior is controlled by the kernel and it is usually specific to the filesystem driver. The exception is --all, in this case already mounted filesystems are ignored (see --all below for more details).
Listing the mounts¶
The listing mode is maintained for backward compatibility only.
For more robust and customizable output use findmnt(8), especially in your scripts. Note that control characters in the mountpoint name are replaced with '?'.
The following command lists all mounted filesystems (of type type):
mount [-l] [-t type]
The option -l adds labels to this listing. See below.
Indicating the device and filesystem¶
Most devices are indicated by a filename (of a block special device), like /dev/sda1, but there are other possibilities. For example, in the case of an NFS mount, device may look like knuth.cwi.nl:/dir.
The device names of disk partitions are unstable; hardware reconfiguration, and adding or removing a device can cause changes in names. This is the reason why it’s strongly recommended to use filesystem or partition identifiers like UUID or LABEL. Currently supported identifiers (tags):
LABEL=label
UUID=uuid
Note that mount uses UUIDs as strings. The UUIDs from the command line or from fstab(5) are not converted to internal binary representation. The string representation of the UUID should be based on lower case characters.
PARTLABEL=label
PARTUUID=uuid
ID=id
The command lsblk --fs provides an overview of filesystems, LABELs and UUIDs on available block devices. The command blkid -p <device> provides details about a filesystem on the specified device.
Don’t forget that there is no guarantee that UUIDs and labels are really unique, especially if you move, share or copy the device. Use lsblk -o +UUID,PARTUUID to verify that the UUIDs are really unique in your system.
The recommended setup is to use tags (e.g. UUID=uuid) rather than /dev/disk/by-{label,uuid,id,partuuid,partlabel} udev symlinks in the /etc/fstab file. Tags are more readable, robust and portable. The mount(8) command internally uses udev symlinks, so the use of symlinks in /etc/fstab has no advantage over tags. For more details see libblkid(3).
The proc filesystem is not associated with a special device, and when mounting it, an arbitrary keyword - for example, proc - can be used instead of a device specification. (The customary choice none is less fortunate: the error message 'none already mounted' from mount can be confusing.)
The files /etc/fstab, /etc/mtab and /proc/mounts¶
The file /etc/fstab (see fstab(5)), may contain lines describing what devices are usually mounted where, using which options. The default location of the fstab(5) file can be overridden with the --fstab path command-line option (see below for more details).
The command
mount -a [-t type] [-O optlist]
(usually given in a bootscript) causes all filesystems mentioned in fstab (of the proper type and/or having or not having the proper options) to be mounted as indicated, except for those whose line contains the noauto keyword. Adding the -F option will make mount fork, so that the filesystems are mounted in parallel.
When mounting a filesystem mentioned in fstab or mtab, it suffices to specify on the command line only the device, or only the mount point.
The programs mount and umount(8) traditionally maintained a list of currently mounted filesystems in the file /etc/mtab. The support for regular classic /etc/mtab is completely disabled at compile time by default, because on current Linux systems it is better to make /etc/mtab a symlink to /proc/mounts instead. The regular mtab file maintained in userspace cannot reliably work with namespaces, containers and other advanced Linux features. If the regular mtab support is enabled, then it’s possible to use the file as well as the symlink.
If no arguments are given to mount, the list of mounted filesystems is printed.
If you want to override mount options from /etc/fstab, you have to use the -o option:
mount device|dir -o options
and then the mount options from the command line will be appended to the list of options from /etc/fstab. This default behaviour can be changed using the --options-mode command-line option. The usual behavior is that the last option wins if there are conflicting ones.
The mount program does not read the /etc/fstab file if both device (or LABEL, UUID, ID, PARTUUID or PARTLABEL) and dir are specified. For example, to mount device foo at /dir:
mount /dev/foo /dir
This default behaviour can be changed by using the --options-source-force command-line option to always read configuration from fstab. For non-root users mount always reads the fstab configuration.
Non-superuser mounts¶
Normally, only the superuser can mount filesystems. However, when fstab contains the user option on a line, anybody can mount the corresponding filesystem.
Thus, given a line
/dev/cdrom /cd iso9660 ro,user,noauto,unhide
any user can mount the iso9660 filesystem found on an inserted CDROM using the command:
mount /cd
Note that mount is very strict about non-root users and all paths specified on command line are verified before fstab is parsed or a helper program is executed. It’s strongly recommended to use a valid mountpoint to specify filesystem, otherwise mount may fail. For example it’s a bad idea to use NFS or CIFS source on command line.
Since util-linux 2.35, mount does not exit when user permissions are inadequate according to libmount’s internal security rules. Instead, it drops suid permissions and continues as regular non-root user. This behavior supports use-cases where root permissions are not necessary (e.g., fuse filesystems, user namespaces, etc).
For more details, see fstab(5). Only the user that mounted a filesystem can unmount it again. If any user should be able to unmount it, then use users instead of user in the fstab line. The owner option is similar to the user option, with the restriction that the user must be the owner of the special file. This may be useful e.g. for /dev/fd if a login script makes the console user owner of this device. The group option is similar, with the restriction that the user must be a member of the group of the special file.
The user mount option is accepted if no username is specified. If used in the format user=someone, the option is silently ignored and visible only for external mount helpers (/sbin/mount.<type>) for compatibility with some network filesystems.
Blacklisted file systems¶
In the Linux kernel, file system types are implemented as kernel modules. While many of these file systems are well maintained, some of the older and less frequently used ones are not. This poses a security risk, because maliciously crafted file system images might open security holes when mounted either automatically or by an inadvertent user. The mount command prints "unsupported file system type 'somefs'" in this case, because it can't distinguish between a really unsupported file system (kernel module non-existent) and a blacklisted file system.
Users who need the blacklisted file systems and therefore want to override the blacklisting can either load the blacklisted module directly:
modprobe -v somefs
Bind mount operation¶
Remount part of the file hierarchy somewhere else. The call is:
mount --bind olddir newdir
or by using this fstab entry:
/olddir /newdir none bind
After this call the same contents are accessible in two places.
It is important to understand that "bind" does not create any second-class or special node in the kernel VFS. The "bind" is just another operation to attach a filesystem. There is nowhere stored information that the filesystem has been attached by a "bind" operation. The olddir and newdir are independent and the olddir may be unmounted.
One can also remount a single file (on a single file). It’s also possible to use a bind mount to create a mountpoint from a regular directory, for example:
mount --bind foo foo
The bind mount call attaches only (part of) a single filesystem, not possible submounts. The entire file hierarchy including submounts can be attached a second place by using:
mount --rbind olddir newdir
Note that the filesystem mount options maintained by the kernel will remain the same as those on the original mount point. The userspace mount options (e.g., _netdev) will not be copied by mount and it’s necessary to explicitly specify the options on the mount command line.
Since util-linux 2.27 mount permits changing the mount options by passing the relevant options along with --bind. For example:
mount -o bind,ro foo foo
This feature is not supported by the Linux kernel; it is implemented in userspace by an additional mount(2) remounting system call. This solution is not atomic.
The alternative (classic) way to create a read-only bind mount is to use the remount operation, for example:
mount --bind olddir newdir
mount -o remount,bind,ro olddir newdir
Note that a read-only bind will create a read-only mountpoint (VFS entry), but the original filesystem superblock will still be writable, meaning that the olddir will be writable, but the newdir will be read-only.
It’s also possible to change nosuid, nodev, noexec, noatime, nodiratime, relatime and nosymfollow VFS entry flags via a "remount,bind" operation. The other flags (for example filesystem-specific flags) are silently ignored. The classic mount(2) system call does not allow to change mount options recursively (for example with -o rbind,ro). The recursive semantic is possible with a new mount_setattr(2) kernel system call and it’s supported since libmount from util-linux v2.39 by a new experimental "recursive" option argument (e.g. -o rbind,ro=recursive). For more details see the FILESYSTEM-INDEPENDENT MOUNT OPTIONS section.
Since util-linux 2.31, mount ignores the bind flag from /etc/fstab on a remount operation (if -o remount is specified on command line). This is necessary to fully control mount options on remount by command line. In previous versions the bind flag has been always applied and it was impossible to re-define mount options without interaction with the bind semantic. This mount behavior does not affect situations when "remount,bind" is specified in the /etc/fstab file.
The move operation¶
Move a mounted tree to another place (atomically). The call is:
mount --move olddir newdir
This will cause the contents which previously appeared under olddir to now be accessible under newdir. The physical location of the files is not changed. Note that olddir has to be a mountpoint.
Note also that moving a mount residing under a shared mount is invalid and unsupported. Use findmnt -o TARGET,PROPAGATION to see the current propagation flags.
Shared subtree operations¶
Since Linux 2.6.15 it is possible to mark a mount and its submounts as shared, private, slave or unbindable. A shared mount provides the ability to create mirrors of that mount such that mounts and unmounts within any of the mirrors propagate to the other mirror. A slave mount receives propagation from its master, but not vice versa. A private mount carries no propagation abilities. An unbindable mount is a private mount which cannot be cloned through a bind operation. The detailed semantics are documented in Documentation/filesystems/sharedsubtree.txt file in the kernel source tree; see also mount_namespaces(7).
Supported operations are:
mount --make-shared mountpoint mount --make-slave mountpoint mount --make-private mountpoint mount --make-unbindable mountpoint
The following commands allow one to recursively change the type of all the mounts under a given mountpoint.
mount --make-rshared mountpoint mount --make-rslave mountpoint mount --make-rprivate mountpoint mount --make-runbindable mountpoint
mount does not read fstab(5) when a --make-* operation is requested. All necessary information has to be specified on the command line.
Note that the Linux kernel does not allow changing multiple propagation flags with a single mount(2) system call, and the flags cannot be mixed with other mount options and operations.
Since util-linux 2.23 the mount command can be used to do more propagation (topology) changes by one mount(8) call and do it also together with other mount operations. The propagation flags are applied by additional mount(2) system calls when the preceding mount operations were successful. Note that this use case is not atomic. It is possible to specify the propagation flags in fstab(5) as mount options (private, slave, shared, unbindable, rprivate, rslave, rshared, runbindable).
For example:
mount --make-private --make-unbindable /dev/sda1 /foo
is the same as:
mount /dev/sda1 /foo mount --make-private /foo mount --make-unbindable /foo
COMMAND-LINE OPTIONS¶
The full set of mount options used by an invocation of mount is determined by first extracting the mount options for the filesystem from the fstab table, then applying any options specified by the -o argument, and finally applying a -r or -w option, when present.
The mount command does not pass all command-line options to the /sbin/mount.suffix mount helpers. The interface between mount and the mount helpers is described below in the EXTERNAL HELPERS section.
Command-line options available for the mount command are:
-a, --all
The correct functionality depends on /proc (to detect already mounted filesystems) and on /sys (to evaluate filesystem tags like UUID= or LABEL=). It’s strongly recommended to mount /proc and /sys filesystems before mount -a is executed, or keep /proc and /sys at the beginning of fstab.
The option --all is possible to use for remount operation too. In this case all filters (-t and -O) are applied to the table of already mounted filesystems.
Since version 2.35 it is possible to use the command line option -o to alter mount options from fstab (see also --options-mode).
Note that it is a bad practice to use mount -a for fstab checking. The recommended solution is findmnt --verify.
-B, --bind
-c, --no-canonicalize
Note that mount does not pass this option to the /sbin/mount.type helpers.
-F, --fork
-f, --fake
The /etc/mtab is no longer maintained in userspace, and starting from version 2.39, the mount operation can be a complex chain of operations with dependencies between the syscalls. The --fake option forces libmount to skip all mount source preparation, mount option analysis, and the actual mounting process.
The difference between fake and non-fake execution is huge. This is the reason why the --fake option has minimal significance for the current mount(8) implementation and it is maintained mostly for backward compatibility.
-i, --internal-only
-L, --label label
-l, --show-labels
-M, --move
-m, --mkdir[=mode]
--map-groups, --map-users inner:_outer_:_count_
--map-users /proc/PID/ns/user
-n, --no-mtab
-N, --namespace ns
mount switches to the mount namespace when it reads /etc/fstab, writes /etc/mtab: (or writes to _/run/mount) and calls mount(2), otherwise it runs in the original mount namespace. This means that the target namespace does not have to contain any libraries or other requirements necessary to execute the mount(2) call.
See mount_namespaces(7) for more information.
-O, --test-opts opts
mount -a -O no_netdev
mounts all filesystems except those which have the option netdev specified in the options field in the /etc/fstab file.
It is different from -t in that each option is matched exactly; a leading no at the beginning of one option does not negate the rest.
The -t and -O options are cumulative in effect; that is, the command
mount -a -t ext2 -O _netdev
mounts all ext2 filesystems with the _netdev option, not all filesystems that are either ext2 or have the _netdev option specified.
-o, --options opts
mount LABEL=mydisk -o noatime,nodev,nosuid
Note that the order of the options matters, as the last option wins if there are conflicting ones. The options from the command line also overwrite options from fstab by default.
For more details, see the FILESYSTEM-INDEPENDENT MOUNT OPTIONS and FILESYSTEM-SPECIFIC MOUNT OPTIONS sections.
--onlyonce
--options-mode mode
--options-source source
--options-source-force
-R, --rbind
-r, --read-only
Note that, depending on the filesystem type, state and kernel behavior, the system may still write to the device. For example, ext3 and ext4 will replay the journal if the filesystem is dirty. To prevent this kind of write access, you may want to mount an ext3 or ext4 filesystem with the ro,noload mount options or set the block device itself to read-only mode, see the blockdev(8) command.
-s
--source device
--target directory
--target-prefix directory
mount --all --target-prefix /chroot -o X-mount.mkdir
mounts all from system fstab to /chroot, all missing mountpoint are created (due to X-mount.mkdir). See also --fstab to use an alternative fstab.
-T, --fstab path
Note that mount does not pass the option --fstab to the /sbin/mount.type helpers, meaning that the alternative fstab files will be invisible for the helpers. This is no problem for normal mounts, but user (non-root) mounts always require fstab to verify the user’s rights.
-t, --types fstype
The programs mount and umount(8) support filesystem subtypes. The subtype is defined by a '.subtype' suffix. For example 'fuse.sshfs'. It’s recommended to use subtype notation rather than add any prefix to the mount source (for example 'sshfs#example.com' is deprecated).
If no -t option is given, or if the auto type is specified, mount will try to guess the desired type. mount uses the libblkid(3) library for guessing the filesystem type; if that does not turn up anything that looks familiar, mount will try to read the file /etc/filesystems, or, if that does not exist, /proc/filesystems. All of the filesystem types listed there will be tried, except for those that are labeled "nodev" (e.g. devpts, proc and nfs). If /etc/filesystems ends in a line with a single *, mount will read /proc/filesystems afterwards. While trying, all filesystem types will be mounted with the mount option silent.
The auto type may be useful for user-mounted floppies. Creating a file /etc/filesystems can be useful to change the probe order (e.g., to try vfat before msdos or ext3 before ext2) or if you use a kernel module autoloader.
More than one type may be specified in a comma-separated list, for the -t option as well as in an /etc/fstab entry. The list of filesystem types for the -t option can be prefixed with no to specify the filesystem types on which no action should be taken. The prefix no has no effect when specified in an /etc/fstab entry.
The prefix no can be meaningful with the -a option. For example, the command
mount -a -t nomsdos,smbfs
mounts all filesystems except those of type msdos and smbfs.
For most types all the mount program has to do is issue a simple mount(2) system call, and no detailed knowledge of the filesystem type is required. For a few types however (like nfs, nfs4, cifs, smbfs, ncpfs) an ad hoc code is necessary. The nfs, nfs4, cifs, smbfs, and ncpfs filesystems have a separate mount program. In order to make it possible to treat all types in a uniform way, mount will execute the program /sbin/mount.type (if that exists) when called with type type. Since different versions of the smbmount program have different calling conventions, /sbin/mount.smbfs may have to be a shell script that sets up the desired call.
-U, --uuid uuid
-v, --verbose
-w, --rw, --read-write
A synonym is -o rw.
Note that specifying -w on the command line forces mount to never try read-only mount on write-protected devices or already mounted read-only filesystems.
-h, --help
-V, --version
FILESYSTEM-INDEPENDENT MOUNT OPTIONS¶
Some of these options are only useful when they appear in the /etc/fstab file.
Some of these options could be enabled or disabled by default in the system kernel. To check the current setting see the options in /proc/mounts. Note that filesystems also have per-filesystem specific default mount options (see for example tune2fs -l output for extN filesystems).
The options nosuid, noexec, nodiratime, relatime, noatime, strictatime, and nosymfollow are interpreted only by the abstract VFS kernel layer and applied to the mountpoint node rather than to the filesystem itself. Try:
findmnt -o TARGET,VFS-OPTIONS,FS-OPTIONS
to get a complete overview of filesystems and VFS options.
The read-only setting (ro or rw) is interpreted by VFS and the filesystem and depends on how the option is specified on the mount(8) command line. The default is to interpret it on the filesystem level. The operation "-o bind,remount,ro" is applied only to the VFS mountpoint, and operation "-o remount,ro" is applied to VFS and filesystem superblock. This semantic allows create a read-only mountpoint but keeps the filesystem writable from another mountpoint.
Since v2.39 libmount can use a new kernel mount interface to set the VFS options recursive. For backward compatibility, this feature is not enabled by default, although recursive operation (e.g. rbind) has been requested. The new option argument "recursive" could be specified, for example:
mount -orbind,ro=recursive,noexec=recursive,nosuid /foo /bar
recursively binds filesystems from /foo to /bar, /bar, and all submounts will be read-only and noexec, but only /bar itself will be "nosuid". The "recursive" optional argument for VFS mount options is an EXPERIMENTAL feature.
The following options apply to any filesystem that is being mounted (but not every filesystem actually honors them - e.g., the sync option today has an effect only for ext2, ext3, ext4, fat, vfat, ufs and xfs):
async
atime
noatime
auto
noauto
context=context, fscontext=context, defcontext=context, and rootcontext=context
A commonly used option for removable media is context="system_u:object_r:removable_t.
The fscontext= option works for all filesystems, regardless of their xattr support. The fscontext option sets the overarching filesystem label to a specific security context. This filesystem label is separate from the individual labels on the files. It represents the entire filesystem for certain kinds of permission checks, such as during mount or file creation. Individual file labels are still obtained from the xattrs on the files themselves. The context option actually sets the aggregate context that fscontext provides, in addition to supplying the same label for individual files.
You can set the default security context for unlabeled files using defcontext= option. This overrides the value set for unlabeled files in the policy and requires a filesystem that supports xattr labeling.
The rootcontext= option allows you to explicitly label the root inode of a FS being mounted before that FS or inode becomes visible to userspace. This was found to be useful for things like stateless Linux. The special value @target can be used to assign the current context of the target mountpoint location.
Note that the kernel rejects any remount request that includes the context option, even when unchanged from the current context.
Warning: the context value might contain commas, in which case the value has to be properly quoted, otherwise mount will interpret the comma as a separator between mount options. Don’t forget that the shell strips off quotes and thus double quoting is required. For example:
mount -t tmpfs none /mnt -o \ 'context="system_u:object_r:tmp_t:s0:c127,c456",noexec'
For more details, see selinux(8).
defaults
Note that the real set of all default mount options depends on the kernel and filesystem type. See the beginning of this section for more details.
dev
nodev
diratime
nodiratime
dirsync
exec
noexec
group
iversion
noiversion
mand
nomand
_netdev
nofail
relatime
Since Linux 2.6.30, the kernel defaults to the behavior provided by this option (unless noatime was specified), and the strictatime option is required to obtain traditional semantics. In addition, since Linux 2.6.30, the file’s last access time is always updated if it is more than 1 day old.
norelatime
strictatime
nostrictatime
lazytime
This mount option significantly reduces writes to the inode table for workloads that perform frequent random writes to preallocated files.
The on-disk timestamps are updated only when:
nolazytime
suid
nosuid
silent
loud
owner
remount
The remount operation together with the bind flag has special semantics. See above, the subsection Bind mount operation.
The default kernel behavior for VFS mount flags (nodev,nosuid,noexec,ro) is to reset all unspecified flags on remount. That’s why mount(8) tries to keep the current setting according to fstab or /proc/self/mountinfo. This default behavior is possible to change by --options-mode. The recursive change of the mount flags (supported since v2.39 on systems with mount_setattr(2) syscall), for example, mount -o remount,ro=recursive, do not use "reset-unspecified" behavior, and it works as a simple add/remove operation and unspecified flags are not modified.
The remount functionality follows the standard way the mount command works with options from fstab. This means that mount does not read fstab (or mtab) only when both device and dir are specified.
mount -o remount,rw /dev/foo /dir
After this call all old mount options are replaced and arbitrary stuff from fstab (or mtab) is ignored, except the loop= option which is internally generated and maintained by the mount command.
mount -o remount,rw /dir
After this call, mount reads fstab and merges these options with the options from the command line (-o). If no mountpoint is found in fstab, then it defaults to mount options from /proc/self/mountinfo.
mount allows the use of --all to remount all already mounted filesystems which match a specified filter (-O and -t). For example:
mount --all -o remount,ro -t vfat
remounts all already mounted vfat filesystems in read-only mode. Each of the filesystems is remounted by mount -o remount,ro /dir semantic. This means the mount command reads fstab or mtab and merges these options with the options from the command line.
ro
rw
sync
user
nouser
users
X-*
x-*
Note that before util-linux v2.30 the x-* options have not been maintained by libmount and stored in user space (functionality was the same as for X-* now), but due to the growing number of use-cases (in initrd, systemd etc.) the functionality has been extended to keep existing fstab configurations usable without a change.
X-mount.auto-fstypes=list
The list is a comma-separated list of the filesystem names. The automatic filesystem detection is triggered by the "auto" filesystem type or when the filesystem type is not specified.
The list follows how mount evaluates type patterns (see -t for more details). Only specified filesystem types are allowed, or all specified types are forbidden if the list is prefixed by "no".
For example, X-mount.auto-fstypes="ext4,btrfs" accepts only ext4 and btrfs, and X-mount.auto-fstypes="novfat,xfs" accepts all filesystems except vfat and xfs.
Note that comma is used as a separator between mount options, it means that auto-fstypes values have to be properly quoted, don’t forget that the shell strips off quotes and thus double quoting is required. For example:
mount -t auto
-o’X-mount.auto-fstypes="noext2,ext3"' /dev/sdc1 /mnt/test
X-mount.mkdir[=mode]
X-mount.subdir=directory
Note that this feature will not work in session with an unshared private mount namespace (after unshare --mount) on old kernels or with mount(8) without support for file-descriptors-based mount kernel API. In this case, you need unshare --mount --propagation shared.
This feature is EXPERIMENTAL.
X-mount.owner=username|UID, X-mount.group=group|GID
X-mount.mode=mode
X-mount.idmap=id-type:id-mount:id-host:id-range [id-type:id-mount:id-host:id-range], X-mount.idmap=file
The ID-mapping must be specified using the syntax id-type:id-mount:id-host:id-range. Specifying u as the id-type prefix creates a UID-mapping, g creates a GID-mapping and omitting id-type or specifying b creates both a UID- and GID-mapping. The id-mount parameter indicates the starting ID in the new mount. The id-host parameter indicates the starting ID in the filesystem. The id-range parameter indicates how many IDs are to be mapped. It is possible to specify multiple ID-mappings. The individual ID-mappings must be separated by spaces.
For example, the ID-mapping X-mount.idmap=u:1000:0:1 g:1001:1:2 5000:1000:2 creates an idmapped mount where UID 0 is mapped to UID 1000, GID 1 is mapped to GUID 1001, GID 2 is mapped to GID 1002, UID and GID 1000 are mapped to 5000, and UID and GID 1001 are mapped to 5001 in the mount.
When an ID-mapping is specified directly a new user namespace will be allocated with the requested ID-mapping. The newly created user namespace will be attached to the mount.
The user namespace will then be attached to the mount and the ID-mapping of the user namespace will become the ID-mapping of the mount.
For example, X-mount.idmap=/proc/PID/ns/user will attach the user namespace of the process PID to the mount.
nosymfollow
FILESYSTEM-SPECIFIC MOUNT OPTIONS¶
This section lists options that are specific to particular filesystems. Where possible, you should first consult filesystem-specific manual pages for details. Some of those pages are listed in the following table.
Filesystem(s) | Manual page |
btrfs | btrfs(5) |
cifs | mount.cifs(8) |
ext2, ext3, ext4 | ext4(5) |
fuse | fuse(8) |
nfs | nfs(5) |
tmpfs | tmpfs(5) |
xfs | xfs(5) |
Note that some of the pages listed above might be available only after you install the respective userland tools.
The following options apply only to certain filesystems. We sort them by filesystem. All options follow the -o flag.
What options are supported depends a bit on the running kernel. Further information may be available in filesystem-specific files in the kernel source subdirectory Documentation/filesystems.
Mount options for adfs¶
uid=value and gid=value
ownmask=value and othmask=value
Mount options for affs¶
uid=value and gid=value
setuid=value and setgid=value
mode=value
protect
usemp
verbose
prefix=string
volume=string
reserved=value
root=value
bs=value
grpquota|noquota|quota|usrquota
Mount options for debugfs¶
The debugfs filesystem is a pseudo filesystem, traditionally mounted on /sys/kernel/debug. As of kernel version 3.4, debugfs has the following options:
uid=n, gid=n
mode=value
Mount options for devpts¶
The devpts filesystem is a pseudo filesystem, traditionally mounted on /dev/pts. In order to acquire a pseudo terminal, a process opens /dev/ptmx; the number of the pseudo terminal is then made available to the process and the pseudo terminal slave can be accessed as /dev/pts/<number>.
uid=value and gid=value
mode=value
newinstance
All mounts of devpts without this newinstance option share the same set of pseudo terminal indices (i.e., legacy mode). Each mount of devpts with the newinstance option has a private set of pseudo terminal indices.
This option is mainly used to support containers in the Linux kernel. It is implemented in Linux kernel versions starting with 2.6.29. Further, this mount option is valid only if CONFIG_DEVPTS_MULTIPLE_INSTANCES is enabled in the kernel configuration.
To use this option effectively, /dev/ptmx must be a symbolic link to pts/ptmx. See Documentation/filesystems/devpts.txt in the Linux kernel source tree for details.
ptmxmode=value
With the support for multiple instances of devpts (see newinstance option above), each instance has a private ptmx node in the root of the devpts filesystem (typically /dev/pts/ptmx).
For compatibility with older versions of the kernel, the default mode of the new ptmx node is 0000. ptmxmode=value specifies a more useful mode for the ptmx node and is highly recommended when the newinstance option is specified.
This option is only implemented in Linux kernel versions starting with 2.6.29. Further, this option is valid only if CONFIG_DEVPTS_MULTIPLE_INSTANCES is enabled in the kernel configuration.
Mount options for fat¶
(Note: fat is not a separate filesystem, but a common part of the msdos, umsdos and vfat filesystems.)
blocksize={512|1024|2048}
uid=value and gid=value
umask=value
dmask=value
fmask=value
allow_utime=value
20
2
The default is set from 'dmask' option. (If the directory is writable, utime(2) is also allowed. I.e. ~dmask & 022)
Normally utime(2) checks that the current process is owner of the file, or that it has the CAP_FOWNER capability. But FAT filesystems don’t have UID/GID on disk, so the normal check is too inflexible. With this option you can relax it.
check=value
r[elaxed]
n[ormal]
s[trict]
codepage=value
conv=mode
cvf_format=module
cvf_option=option
debug
discard
dos1xfloppy
errors={panic|continue|remount-ro}
fat={12|16|32}
iocharset=value
nfs={stale_rw|nostale_ro}
stale_rw: This option maintains an index (cache) of directory inodes which is used by the nfs-related code to improve look-ups. Full file operations (read/write) over NFS are supported but with cache eviction at NFS server, this could result in spurious ESTALE errors.
nostale_ro: This option bases the inode number and file handle on the on-disk location of a file in the FAT directory entry. This ensures that ESTALE will not be returned after a file is evicted from the inode cache. However, it means that operations such as rename, create and unlink could cause file handles that previously pointed at one file to point at a different file, potentially causing data corruption. For this reason, this option also mounts the filesystem readonly.
To maintain backward compatibility, -o nfs is also accepted, defaulting to stale_rw.
tz=UTC
time_offset=minutes
quiet
rodir
If you want to use ATTR_RO as read-only flag even for the directory, set this option.
showexec
sys_immutable
flush
usefree
dots, nodots, dotsOK=[yes|no]
Mount options for hfs¶
creator=cccc, type=cccc
uid=n, gid=n
dir_umask=n, file_umask=n, umask=n
session=n
part=n
quiet
Mount options for hpfs¶
uid=value and gid=value
umask=value
case={lower|asis}
conv=mode
nocheck
Mount options for iso9660¶
ISO 9660 is a standard describing a filesystem structure to be used on CD-ROMs. (This filesystem type is also seen on some DVDs. See also the udf filesystem.)
Normal iso9660 filenames appear in an 8.3 format (i.e., DOS-like restrictions on filename length), and in addition all characters are in upper case. Also there is no field for file ownership, protection, number of links, provision for block/character devices, etc.
Rock Ridge is an extension to iso9660 that provides all of these UNIX-like features. Basically there are extensions to each directory record that supply all of the additional information, and when Rock Ridge is in use, the filesystem is indistinguishable from a normal UNIX filesystem (except that it is read-only, of course).
norock
nojoliet
check={r[elaxed]|s[trict]}
uid=value and gid=value
map={n[ormal]|o[ff]|a[corn]}
mode=value
unhide
block={512|1024|2048}
conv=mode
cruft
session=x
sbsector=xxx
The following options are the same as for vfat and specifying them only makes sense when using discs encoded using Microsoft’s Joliet extensions.
iocharset=value
utf8
Mount options for jfs¶
iocharset=name
resize=value
nointegrity
integrity
errors={continue|remount-ro|panic}
noquota|quota|usrquota|grpquota
Mount options for msdos¶
See mount options for fat. If the msdos filesystem detects an inconsistency, it reports an error and sets the file system read-only. The filesystem can be made writable again by remounting it.
Mount options for ncpfs¶
Just like nfs, the ncpfs implementation expects a binary argument (a struct ncp_mount_data) to the mount(2) system call. This argument is constructed by ncpmount(8) and the current version of mount (2.12) does not know anything about ncpfs.
Mount options for ntfs¶
iocharset=name
nls=name
utf8
uni_xlate={0|1|2}
posix=[0|1]
uid=value, gid=value and umask=value
Mount options for overlay¶
Since Linux 3.18 the overlay pseudo filesystem implements a union mount for other filesystems.
An overlay filesystem combines two filesystems - an upper filesystem and a lower filesystem. When a name exists in both filesystems, the object in the upper filesystem is visible while the object in the lower filesystem is either hidden or, in the case of directories, merged with the upper object.
The lower filesystem can be any filesystem supported by Linux and does not need to be writable. The lower filesystem can even be another overlayfs. The upper filesystem will normally be writable and if it is it must support the creation of trusted.* extended attributes, and must provide a valid d_type in readdir responses, so NFS is not suitable.
A read-only overlay of two read-only filesystems may use any filesystem type. The options lowerdir and upperdir are combined into a merged directory by using:
mount -t overlay overlay \
-olowerdir=/lower,upperdir=/upper,workdir=/work /merged
lowerdir=directory
upperdir=directory
workdir=directory
userxattr
redirect_dir={on|off|follow|nofollow}
on
off
follow
nofollow
index={on|off}
uuid={on|off}
nfs_export={on|off}
With the "nfs_export" feature, on copy_up of any lower object, an index entry is created under the index directory. The index entry name is the hexadecimal representation of the copy up origin file handle. For a non-directory object, the index entry is a hard link to the upper inode. For a directory object, the index entry has an extended attribute "{trusted|user}.overlay.upper" with an encoded file handle of the upper directory inode.
When encoding a file handle from an overlay filesystem object, the following rules apply
The encoded overlay file handle includes
This encoding format is identical to the encoding format of file handles that are stored in extended attribute "{trusted|user}.overlay.origin". When decoding an overlay file handle, the following steps are followed
Decoding a non-directory file handle may return a disconnected dentry. copy_up of that disconnected dentry will create an upper index entry with no upper alias.
When overlay filesystem has multiple lower layers, a middle layer directory may have a "redirect" to lower directory. Because middle layer "redirects" are not indexed, a lower file handle that was encoded from the "redirect" origin directory, cannot be used to find the middle or upper layer directory. Similarly, a lower file handle that was encoded from a descendant of the "redirect" origin directory, cannot be used to reconstruct a connected overlay path. To mitigate the cases of directories that cannot be decoded from a lower file handle, these directories are copied up on encode and encoded as an upper file handle. On an overlay filesystem with no upper layer this mitigation cannot be used NFS export in this setup requires turning off redirect follow (e.g. "redirect_dir=nofollow").
The overlay filesystem does not support non-directory connectable file handles, so exporting with the subtree_check exportfs configuration will cause failures to lookup files over NFS.
When the NFS export feature is enabled, all directory index entries are verified on mount time to check that upper file handles are not stale. This verification may cause significant overhead in some cases.
Note: the mount options index=off,nfs_export=on are conflicting for a read-write mount and will result in an error.
xino={on|off|auto}
For a detailed description of the effect of this option please refer to <https://docs.kernel.org/filesystems/overlayfs.html>
metacopy={on|off}
In other words, this is delayed data copy up operation and data is copied up when there is a need to actually modify data.
volatile
The advantage of mounting with the "volatile" option is that all forms of sync calls to the upper filesystem are omitted.
In order to avoid a giving a false sense of safety, the syncfs (and fsync) semantics of volatile mounts are slightly different than that of the rest of VFS. If any writeback error occurs on the upperdir’s filesystem after a volatile mount takes place, all sync functions will return an error. Once this condition is reached, the filesystem will not recover, and every subsequent sync call will return an error, even if the upperdir has not experience a new error since the last sync call.
When overlay is mounted with "volatile" option, the directory "$workdir/work/incompat/volatile" is created. During next mount, overlay checks for this directory and refuses to mount if present. This is a strong indicator that user should throw away upper and work directories and create fresh one. In very limited cases where the user knows that the system has not crashed and contents of upperdir are intact, The "volatile" directory can be removed.
Mount options for reiserfs¶
Reiserfs is a journaling filesystem.
conv
hash={rupasov|tea|r5|detect}
rupasov
tea
r5
detect
hashed_relocation
no_unhashed_relocation
noborder
nolog
notail
replayonly
resize=number
user_xattr
acl
barrier=none / barrier=flush
Mount options for ubifs¶
UBIFS is a flash filesystem which works on top of UBI volumes. Note that atime is not supported and is always turned off.
The device name may be specified as
ubiX_Y
ubiY
ubiX:NAME
ubi:NAME
Alternative ! separator may be used instead of :.
The following mount options are available:
bulk_read
no_bulk_read
chk_data_crc
no_chk_data_crc
compr={none|lzo|zlib}
Mount options for udf¶
UDF is the "Universal Disk Format" filesystem defined by OSTA, the Optical Storage Technology Association, and is often used for DVD-ROM, frequently in the form of a hybrid UDF/ISO-9660 filesystem. It is, however, perfectly usable by itself on disk drives, flash drives and other block devices. See also iso9660.
uid=
gid=
umask=
mode=
dmode=
bs=
For other details see the mkudffs(8) 2.0+ manpage, see the COMPATIBILITY and BLOCK SIZE sections.
unhide
undelete
adinicb
noadinicb
shortad
longad
nostrict
iocharset=
utf8
Mount options for debugging and disaster recovery¶
novrs
session=
anchor=
lastblock=
Unused historical mount options that may be encountered and should be removed¶
uid=ignore
gid=ignore
volume=
partition=
fileset=
rootdir=
Mount options for ufs¶
ufstype=value
old
44bsd
ufs2
5xbsd
sun
sunx86
hp
nextstep
nextstep-cd
openstep
onerror=value
panic
[lock|umount|repair]
Mount options for umsdos¶
See mount options for msdos. The dotsOK option is explicitly killed by umsdos.
Mount options for vfat¶
First of all, the mount options for fat are recognized. The dotsOK option is explicitly killed by vfat. Furthermore, there are
uni_xlate
posix
nonumtail
utf8
shortname=mode
lower
win95
winnt
mixed
Mount options for usbfs¶
devuid=uid and devgid=gid and devmode=mode
busuid=uid and busgid=gid and busmode=mode
listuid=uid and listgid=gid and listmode=mode
DM-VERITY SUPPORT¶
The device-mapper verity target provides read-only transparent integrity checking of block devices using kernel crypto API. The mount command can open the dm-verity device and do the integrity verification before the device filesystem is mounted. Requires libcryptsetup with in libmount (optionally via dlopen(3)). If libcryptsetup supports extracting the root hash of an already mounted device, existing devices will be automatically reused in case of a match. Mount options for dm-verity:
verity.hashdevice=path
verity.roothash=hex
verity.roothashfile=path
verity.hashoffset=offset
verity.fecdevice=path
verity.fecoffset=offset
verity.fecroots=value
verity.roothashsig=path
verity.oncorruption=ignore|restart|panic
Supported since util-linux v2.35.
For example commands:
mksquashfs /etc /tmp/etc.raw veritysetup format /tmp/etc.raw /tmp/etc.verity --root-hash-file=/tmp/etc.roothash openssl smime -sign -in /tmp/etc.roothash -nocerts -inkey private.key \ -signer private.crt -noattr -binary -outform der -out /tmp/etc.roothash.p7s mount -o verity.hashdevice=/tmp/etc.verity,verity.roothashfile=/tmp/etc.roothash,\ verity.roothashsig=/tmp/etc.roothash.p7s /tmp/etc.raw /mnt
create squashfs image from /etc directory, verity hash device and mount verified filesystem image to /mnt. The kernel will verify that the root hash is signed by a key from the kernel keyring if roothashsig is used.
LOOP-DEVICE SUPPORT¶
One further possible type is a mount via the loop device. For example, the command
mount /tmp/disk.img /mnt -t vfat -o loop=/dev/loop3
will set up the loop device /dev/loop3 to correspond to the file /tmp/disk.img, and then mount this device on /mnt.
If no explicit loop device is mentioned (but just an option '-o loop' is given), then mount will try to find some unused loop device and use that, for example
mount /tmp/disk.img /mnt -o loop
The mount command automatically creates a loop device from a regular file if a filesystem type is not specified or the filesystem is known for libblkid, for example:
mount /tmp/disk.img /mnt
mount -t ext4 /tmp/disk.img /mnt
This type of mount knows about three options, namely loop, offset and sizelimit, that are really options to losetup(8). (These options can be used in addition to those specific to the filesystem type.)
Since Linux 2.6.25 auto-destruction of loop devices is supported, meaning that any loop device allocated by mount will be freed by umount independently of /etc/mtab.
You can also free a loop device by hand, using losetup -d or umount -d.
Since util-linux v2.29, mount re-uses the loop device rather than initializing a new device if the same backing file is already used for some loop device with the same offset and sizelimit. This is necessary to avoid a filesystem corruption.
EXIT STATUS¶
mount has the following exit status values (the bits can be ORed):
0
1
2
4
8
16
32
64
The command mount -a returns 0 (all succeeded), 32 (all failed), or 64 (some failed, some succeeded).
EXTERNAL HELPERS¶
The syntax of external mount helpers is:
/sbin/mount.suffix spec dir [-sfnv] [-N namespace] [-o options] [-t type.subtype]
where the suffix is the filesystem type and the -sfnvoN options have the same meaning as the normal mount options. The -t option is used for filesystems with subtypes support (for example /sbin/mount.fuse -t fuse.sshfs).
The command mount does not pass the mount options unbindable, runbindable, private, rprivate, slave, rslave, shared, rshared, auto, noauto, comment, x-*, loop, offset and sizelimit to the mount.<suffix> helpers. All other options are used in a comma-separated list as an argument to the -o option.
ENVIRONMENT¶
LIBMOUNT_FORCE_MOUNT2={always|never|auto}
LIBMOUNT_FSTAB=<path>
LIBMOUNT_DEBUG=all
LIBBLKID_DEBUG=all
LOOPDEV_DEBUG=all
FILES¶
See also "The files /etc/fstab, /etc/mtab and /proc/mounts" section above.
/etc/fstab
/run/mount
/etc/mtab
/etc/mtab~
/etc/mtab.tmp
/etc/filesystems
HISTORY¶
A mount command existed in Version 5 AT&T UNIX.
BUGS¶
It is possible for a corrupted filesystem to cause a crash.
Some Linux filesystems don’t support -o sync and -o dirsync (the ext2, ext3, ext4, fat and vfat filesystems do support synchronous updates (a la BSD) when mounted with the sync option).
The -o remount may not be able to change mount parameters (all ext2fs-specific parameters, except sb, are changeable with a remount, for example, but you can’t change gid or umask for the fatfs).
It is possible that the files /etc/mtab and /proc/mounts don’t match on systems with a regular mtab file. The first file is based only on the mount command options, but the content of the second file also depends on the kernel and others settings (e.g. on a remote NFS server — in certain cases the mount command may report unreliable information about an NFS mount point and the /proc/mount file usually contains more reliable information.) This is another reason to replace the mtab file with a symlink to the /proc/mounts file.
Checking files on NFS filesystems referenced by file descriptors (i.e. the fcntl and ioctl families of functions) may lead to inconsistent results due to the lack of a consistency check in the kernel even if the noac mount option is used.
The loop option with the offset or sizelimit options used may fail when using older kernels if the mount command can’t confirm that the size of the block device has been configured as requested. This situation can be worked around by using the losetup(8) command manually before calling mount with the configured loop device.
AUTHORS¶
Karel Zak <kzak@redhat.com>
SEE ALSO¶
mount(2), umount(2), filesystems(5), fstab(5), nfs(5), xfs(5), mount_namespaces(7), xattr(7), e2label(8), findmnt(8), losetup(8), lsblk(8), mke2fs(8), mountd(8), nfsd(8), swapon(8), tune2fs(8), umount(8), xfs_admin(8)
REPORTING BUGS¶
For bug reports, use the issue tracker at <https://github.com/util-linux/util-linux/issues>.
AVAILABILITY¶
The mount command is part of the util-linux package which can be downloaded from Linux Kernel Archive <https://www.kernel.org/pub/linux/utils/util-linux/>.
2024-07-04 | util-linux 2.40.2 |