NFS server

NFS server

install

sudo apt install nfs-kernel-server

start

sudo systemctl start nfs-kernel-server.service

创建共享文件夹

$ sudo mkdir -p /mnt/nfs_share

修改共享文件夹权限

$ sudo chown -R nobody:nogroup /mnt/nfs_share/
$ sudo chmod 777 /mnt/nfs_share/

config

sudo vim /etc/exports

授权给指定的ip主机

/mnt/storage *(rw,sync,no_subtree_check,all_squash)
ro                      只读访问 
rw                      读写访问 
sync                    所有数据在请求时写入共享 
async                   NFS在写入数据前可以相应请求 
secure                  NFS通过1024以下的安全TCP/IP端口发送 
insecure                NFS通过1024以上的端口发送 
wdelay                  如果多个用户要写入NFS目录,则归组写入(默认) 
no_wdelay               如果多个用户要写入NFS目录,则立即写入,当使用async时,无需此设置。 
hide                    在NFS共享目录中不共享其子目录 
no_hide                 共享NFS目录的子目录 
subtree_check           如果共享/usr/bin之类的子目录时,强制NFS检查父目录的权限(默认) 
no_subtree_check        和上面相对,不检查父目录权限 
all_squash              共享文件的UID和GID映射匿名用户anonymous,适合公用目录。 
no_all_squash           保留共享文件的UID和GID(默认) 
root_squash             root用户的所有请求映射成如anonymous用户一样的权限(默认) 
no_root_squas           root用户具有根目录的完全管理访问权限 
anonuid=xxx             指定NFS服务器/etc/passwd文件中匿名用户的UID 
anongid=xxx             指定NFS服务器/etc/passwd文件中匿名用户的GID 

修改完成后,应用修改,重启服务

#$ sudo exportfs -a
#$ sudo systemctl restart nfs-kernel-server
$ sudo exportfs -ra

修改防火墙配置,允许主机通过防火墙

$ sudo ufw allow from 192.168.43.0/24 to any port nfs

开启关闭防火墙

$ sudo ufw enable
$ sudo ufw status

NFS client

$ sudo apt install nfs-common
$ sudo mkdir -p /mnt/nfs_clientshare
$ sudo mount 192.168.43.234:/mnt/nfs_share  /mnt/nfs_clientshare

192.168.43.234 为nfs server的ip

查看指定IP的主机nfs共享的文件夹有哪些

showmount -e  192.168.1.1

查看系统磁盘文件系统类型

df -T

Linux NFS Mount Entry in fstab ( /etc/fstab ) with Example

NFS stands for ‘Network File System’. This mechanism allows unix machines to
share files and directories over the network. Using this feature, a Linux
machine can mount a remote directory (residing in a NFS server machine) just
like a local directory and can access files from it.

A NFS share can be mounted on a machine by adding a line to the /etc/fstab file.

The default syntax for fstab entry of NFS mounts is as follows.

Server:/path/to/export /local_mountpoint nfs <options> 0 0

Server: This should be replaced with the exact hostname or IP address of the NFS server where the exported directory resides.

/path/to/export: This should be replaced with the exact shared directory (exported folder) path.

/local_mountpoint: This should be replaced with an existing directory in the server where you want to mount the NFS share.

Fstab NFS options

You can specify a number of mount points which you want to set on the NFS mount.
We will go through the important mount options which you may consider while mounting a NFS share.

1) soft/hard

When the mount option hard is set, if the NFS server crashes or becomes unresponsive,
the NFS requests will be retried indefinitely. You can set the mount option intr,
so that the process can be interrupted. When the NFS server comes back online,
the process can be continued from where it was while the server became unresponsive.

When the option soft is set, the process will be reported an error when the NFS
server is unresponsive after waiting for a period of time (defined by the timeo option).
In certain cases soft option can cause data corruption and loss of data.
So, it is recommended to use hard and intr options.

2) timeo=n

This option defines the time (in tenths of a second) the NFS client waits for
a response before it retries an NFS request.

3) intr

This allows NFS requests to be interrupted if the server goes down or cannot be
reached. Using the intr option is preferred to using the soft option because it
is significantly less likely to result in data corruption.

4) rsize=num and wsize=num

This defines the maximum number of bytes in each READ/WRITE request that the
NFS client can receive/send when communicating with a NFS server. The rsize/wsize
value is a positive integral multiple of 1024. Specified rsize values lower
than 1024 are replaced with 4096; values larger than 1048576 are replaced with 1048576.
If a specified value is within the supported range but not a multiple of 1024,
it is rounded down to the nearest multiple of 1024.

5) retrans=n

The number of times the NFS client retries a request before it attempts further
recovery action. If the retrans option is not specified, the NFS client tries
each request three times. The NFS client generates a "server not responding"
message after retrans retries, then attempts further recovery
(depending on whether the hard mount option is in effect).

6) noexec

Prevents execution of binaries on mounted file systems. This is useful if the
system is mounting a non-Linux file system via NFS containing incompatible binaries.

7) nosuid

Disables set-user-identifier or set-group-identifier bits. This prevents remote
users from gaining higher privileges by running a setuid program.

8) tcp

This specifies the NFS mount to use the TCP protocol.

9) udp

This specifies the NFS mount to use the UDP protocol.

Sample NFS fstab entry

A sample fstab entry for NFS share is as follows.

host.myserver.com:/home /mnt/home nfs nosuid,rw,hard,intr,rsize=8192,wsize=8192,timeo=14 0 0

This will make the export directory /home to be available on the NFS client machine.
You can mount the NFS share just like you mount a local folder.

mount /mnt/home

https://linoxide.com/file-system/example-linux-nfs-mount-entry-in-fstab-etcfstab

exports

exports(5) — Linux manual page

NAME | DESCRIPTION | EXAMPLE | FILES | SEE ALSO | COLOPHON
	

exports(5)                   File Formats Manual                  exports(5)

NAME         top

       exports - NFS server export table

DESCRIPTION         top

       The file /etc/exports contains a table of local physical file systems
       on an NFS server that are accessible to NFS clients.  The contents of
       the file are maintained by the server's system administrator.

       Each file system in this table has a list of options and an access
       control list.  The table is used by exportfs(8) to give information
       to mountd(8).

       The file format is similar to the SunOS exports file. Each line
       contains an export point and a whitespace-separated list of clients
       allowed to mount the file system at that point. Each listed client
       may be immediately followed by a parenthesized, comma-separated list
       of export options for that client. No whitespace is permitted between
       a client and its option list.

       Also, each line may have one or more specifications for default
       options after the path name, in the form of a dash ("-") followed by
       an option list. The option list is used for all subsequent exports on
       that line only.

       Blank lines are ignored.  A pound sign ("#") introduces a comment to
       the end of the line. Entries may be continued across newlines using a
       backslash. If an export name contains spaces it should be quoted
       using double quotes. You can also specify spaces or other unusual
       character in the export name using a backslash followed by the
       character code as three octal digits.

       To apply changes to this file, run exportfs -ra or restart the NFS
       server.

   Machine Name Formats
       NFS clients may be specified in a number of ways:

       single host
              You may specify a host either by an abbreviated name
              recognized be the resolver, the fully qualified domain name,
              an IPv4 address, or an IPv6 address. IPv6 addresses must not
              be inside square brackets in /etc/exports lest they be
              confused with character-class wildcard matches.

       IP networks
              You can also export directories to all hosts on an IP (sub-)
              network simultaneously. This is done by specifying an IP
              address and netmask pair as address/netmask where the netmask
              can be specified in dotted-decimal format, or as a contiguous
              mask length.  For example, either `/255.255.252.0' or `/22'
              appended to the network base IPv4 address results in identical
              subnetworks with 10 bits of host. IPv6 addresses must use a
              contiguous mask length and must not be inside square brackets
              to avoid confusion with character-class wildcards. Wildcard
              characters generally do not work on IP addresses, though they
              may work by accident when reverse DNS lookups fail.

       wildcards
              Machine names may contain the wildcard characters * and ?, or
              may contain character class lists within [square brackets].
              This can be used to make the exports file more compact; for
              instance, *.cs.foo.edu matches all hosts in the domain
              cs.foo.edu.  As these characters also match the dots in a
              domain name, the given pattern will also match all hosts
              within any subdomain of cs.foo.edu.

       netgroups
              NIS netgroups may be given as @group.  Only the host part of
              each netgroup members is consider in checking for membership.
              Empty host parts or those containing a single dash (-) are
              ignored.

       anonymous
              This is specified by a single * character (not to be confused
              with the wildcard entry above) and will match all clients.

       If a client matches more than one of the specifications above, then
       the first match from the above list order takes precedence -
       regardless of the order they appear on the export line. However, if a
       client matches more than one of the same type of specification (e.g.
       two netgroups), then the first match from the order they appear on
       the export line takes precedence.

   RPCSEC_GSS security
       You may use the special strings "gss/krb5", "gss/krb5i", or
       "gss/krb5p" to restrict access to clients using rpcsec_gss security.
       However, this syntax is deprecated; on linux kernels since 2.6.23,
       you should instead use the "sec=" export option:

       sec=   The sec= option, followed by a colon-delimited list of
              security flavors, restricts the export to clients using those
              flavors.  Available security flavors include sys (the
              default--no cryptographic security), krb5 (authentication
              only), krb5i (integrity protection), and krb5p (privacy
              protection).  For the purposes of security flavor negotiation,
              order counts: preferred flavors should be listed first.  The
              order of the sec= option with respect to the other options
              does not matter, unless you want some options to be enforced
              differently depending on flavor.  In that case you may include
              multiple sec= options, and following options will be enforced
              only for access using flavors listed in the immediately
              preceding sec= option.  The only options that are permitted to
              vary in this way are ro, rw, no_root_squash, root_squash, and
              all_squash.

   General Options
       exportfs understands the following export options:

       secure This option requires that requests not using gss originate on
              an Internet port less than IPPORT_RESERVED (1024). This option
              is on by default.  To turn it off, specify insecure.  (NOTE:
              older kernels (before upstream kernel version 4.17) enforced
              this requirement on gss requests as well.)

       rw     Allow both read and write requests on this NFS volume. The
              default is to disallow any request which changes the
              filesystem.  This can also be made explicit by using the ro
              option.

       async  This option allows the NFS server to violate the NFS protocol
              and reply to requests before any changes made by that request
              have been committed to stable storage (e.g. disc drive).

              Using this option usually improves performance, but at the
              cost that an unclean server restart (i.e. a crash) can cause
              data to be lost or corrupted.

       sync   Reply to requests only after the changes have been committed
              to stable storage (see async above).

              In releases of nfs-utils up to and including 1.0.0, the async
              option was the default.  In all releases after 1.0.0, sync is
              the default, and async must be explicitly requested if needed.
              To help make system administrators aware of this change,
              exportfs will issue a warning if neither sync nor async is
              specified.

       no_wdelay
              This option has no effect if async is also set.  The NFS
              server will normally delay committing a write request to disc
              slightly if it suspects that another related write request may
              be in progress or may arrive soon.  This allows multiple write
              requests to be committed to disc with the one operation which
              can improve performance.  If an NFS server received mainly
              small unrelated requests, this behaviour could actually reduce
              performance, so no_wdelay is available to turn it off.  The
              default can be explicitly requested with the wdelay option.

       nohide This option is based on the option of the same name provided
              in IRIX NFS.  Normally, if a server exports two filesystems
              one of which is mounted on the other, then the client will
              have to mount both filesystems explicitly to get access to
              them.  If it just mounts the parent, it will see an empty
              directory at the place where the other filesystem is mounted.
              That filesystem is "hidden".

              Setting the nohide option on a filesystem causes it not to be
              hidden, and an appropriately authorised client will be able to
              move from the parent to that filesystem without noticing the
              change.

              However, some NFS clients do not cope well with this situation
              as, for instance, it is then possible for two files in the one
              apparent filesystem to have the same inode number.

              The nohide option is currently only effective on single host
              exports.  It does not work reliably with netgroup, subnet, or
              wildcard exports.

              This option can be very useful in some situations, but it
              should be used with due care, and only after confirming that
              the client system copes with the situation effectively.

              The option can be explicitly disabled for NFSv2 and NFSv3 with
              hide.

              This option is not relevant when NFSv4 is use.  NFSv4 never
              hides subordinate filesystems.  Any filesystem that is
              exported will be visible where expected when using NFSv4.

       crossmnt
              This option is similar to nohide but it makes it possible for
              clients to access all filesystems mounted on a filesystem
              marked with crossmnt.  Thus when a child filesystem "B" is
              mounted on a parent "A", setting crossmnt on "A" has a similar
              effect to setting "nohide" on B.

              With nohide the child filesystem needs to be explicitly
              exported.  With crossmnt it need not.  If a child of a
              crossmnt file is not explicitly exported, then it will be
              implicitly exported with the same export options as the
              parent, except for fsid=.  This makes it impossible to not
              export a child of a crossmnt filesystem.  If some but not all
              subordinate filesystems of a parent are to be exported, then
              they must be explicitly exported and the parent should not
              have crossmnt set.

              The nocrossmnt option can explictly disable crossmnt if it was
              previously set.  This is rarely useful.

       no_subtree_check
              This option disables subtree checking, which has mild security
              implications, but can improve reliability in some
              circumstances.

              If a subdirectory of a filesystem is exported, but the whole
              filesystem isn't then whenever a NFS request arrives, the
              server must check not only that the accessed file is in the
              appropriate filesystem (which is easy) but also that it is in
              the exported tree (which is harder). This check is called the
              subtree_check.

              In order to perform this check, the server must include some
              information about the location of the file in the "filehandle"
              that is given to the client.  This can cause problems with
              accessing files that are renamed while a client has them open
              (though in many simple cases it will still work).

              subtree checking is also used to make sure that files inside
              directories to which only root has access can only be accessed
              if the filesystem is exported with no_root_squash (see below),
              even if the file itself allows more general access.

              As a general guide, a home directory filesystem, which is
              normally exported at the root and may see lots of file
              renames, should be exported with subtree checking disabled.  A
              filesystem which is mostly readonly, and at least doesn't see
              many file renames (e.g. /usr or /var) and for which
              subdirectories may be exported, should probably be exported
              with subtree checks enabled.

              The default of having subtree checks enabled, can be
              explicitly requested with subtree_check.

              From release 1.1.0 of nfs-utils onwards, the default will be
              no_subtree_check as subtree_checking tends to cause more
              problems than it is worth.  If you genuinely require subtree
              checking, you should explicitly put that option in the exports
              file.  If you put neither option, exportfs will warn you that
              the change is pending.

       insecure_locks

       no_auth_nlm
              This option (the two names are synonymous) tells the NFS
              server not to require authentication of locking requests (i.e.
              requests which use the NLM protocol).  Normally the NFS server
              will require a lock request to hold a credential for a user
              who has read access to the file.  With this flag no access
              checks will be performed.

              Early NFS client implementations did not send credentials with
              lock requests, and many current NFS clients still exist which
              are based on the old implementations.  Use this flag if you
              find that you can only lock files which are world readable.

              The default behaviour of requiring authentication for NLM
              requests can be explicitly requested with either of the
              synonymous auth_nlm, or secure_locks.

       mountpoint=path

       mp     This option makes it possible to only export a directory if it
              has successfully been mounted.  If no path is given (e.g.
              mountpoint or mp) then the export point must also be a mount
              point.  If it isn't then the export point is not exported.
              This allows you to be sure that the directory underneath a
              mountpoint will never be exported by accident if, for example,
              the filesystem failed to mount due to a disc error.

              If a path is given (e.g.  mountpoint=/path or mp=/path) then
              the nominated path must be a mountpoint for the exportpoint to
              be exported.

       fsid=num|root|uuid
              NFS needs to be able to identify each filesystem that it
              exports.  Normally it will use a UUID for the filesystem (if
              the filesystem has such a thing) or the device number of the
              device holding the filesystem (if the filesystem is stored on
              the device).

              As not all filesystems are stored on devices, and not all
              filesystems have UUIDs, it is sometimes necessary to
              explicitly tell NFS how to identify a filesystem.  This is
              done with the fsid= option.

              For NFSv4, there is a distinguished filesystem which is the
              root of all exported filesystem.  This is specified with
              fsid=root or fsid=0 both of which mean exactly the same thing.

              Other filesystems can be identified with a small integer, or a
              UUID which should contain 32 hex digits and arbitrary
              punctuation.

              Linux kernels version 2.6.20 and earlier do not understand the
              UUID setting so a small integer must be used if an fsid option
              needs to be set for such kernels.  Setting both a small number
              and a UUID is supported so the same configuration can be made
              to work on old and new kernels alike.

       nordirplus
              This option will disable READDIRPLUS request handling.  When
              set, READDIRPLUS requests from NFS clients return
              NFS3ERR_NOTSUPP, and clients fall back on READDIR.  This
              option affects only NFSv3 clients.

       refer=path@host[+host][:path@host[+host]]
              A client referencing the export point will be directed to
              choose from the given list an alternative location for the
              filesystem.  (Note that the server must have a mountpoint
              here, though a different filesystem is not required; so, for
              example, mount --bind /path /path is sufficient.)

       replicas=path@host[+host][:path@host[+host]]
              If the client asks for alternative locations for the export
              point, it will be given this list of alternatives. (Note that
              actual replication of the filesystem must be handled
              elsewhere.)

       pnfs   This option enables the use of the pNFS extension if the
              protocol level is NFSv4.1 or higher, and the filesystem
              supports pNFS exports.  With pNFS clients can bypass the
              server and perform I/O directly to storage devices. The
              default can be explicitly requested with the no_pnfs option.

       security_label
              With this option set, clients using NFSv4.2 or higher will be
              able to set and retrieve security labels (such as those used
              by SELinux).  This will only work if all clients use a
              consistent security policy.  Note that early kernels did not
              support this export option, and instead enabled security
              labels by default.

   User ID Mapping
       nfsd bases its access control to files on the server machine on the
       uid and gid provided in each NFS RPC request. The normal behavior a
       user would expect is that she can access her files on the server just
       as she would on a normal file system. This requires that the same
       uids and gids are used on the client and the server machine. This is
       not always true, nor is it always desirable.

       Very often, it is not desirable that the root user on a client
       machine is also treated as root when accessing files on the NFS
       server. To this end, uid 0 is normally mapped to a different id: the
       so-called anonymous or nobody uid. This mode of operation (called
       `root squashing') is the default, and can be turned off with
       no_root_squash.

       By default, exportfs chooses a uid and gid of 65534 for squashed
       access. These values can also be overridden by the anonuid and
       anongid options.  Finally, you can map all user requests to the
       anonymous uid by specifying the all_squash option.

       Here's the complete list of mapping options:

       root_squash
              Map requests from uid/gid 0 to the anonymous uid/gid. Note
              that this does not apply to any other uids or gids that might
              be equally sensitive, such as user bin or group staff.

       no_root_squash
              Turn off root squashing. This option is mainly useful for
              diskless clients.

       all_squash
              Map all uids and gids to the anonymous user. Useful for NFS-
              exported public FTP directories, news spool directories, etc.
              The opposite option is no_all_squash, which is the default
              setting.

       anonuid and anongid
              These options explicitly set the uid and gid of the anonymous
              account.  This option is primarily useful for PC/NFS clients,
              where you might want all requests appear to be from one user.
              As an example, consider the export entry for /home/joe in the
              example section below, which maps all requests to uid 150
              (which is supposedly that of user joe).

   Subdirectory Exports
       Normally you should only export only the root of a filesystem.  The
       NFS server will also allow you to export a subdirectory of a
       filesystem, however, this has drawbacks:

       First, it may be possible for a malicious user to access files on the
       filesystem outside of the exported subdirectory, by guessing
       filehandles for those other files.  The only way to prevent this is
       by using the no_subtree_check option, which can cause other problems.

       Second, export options may not be enforced in the way that you would
       expect.  For example, the security_label option will not work on
       subdirectory exports, and if nested subdirectory exports change the
       security_label or sec= options, NFSv4 clients will normally see only
       the options on the parent export.  Also, where security options
       differ, a malicious client may use filehandle-guessing attacks to
       access the files from one subdirectory using the options from
       another.

   Extra Export Tables
       After reading /etc/exports exportfs reads files in the /etc/exports.d
       directory as extra export tables.  Only files ending in .exports are
       considered.  Files beginning with a dot are ignored.  The format for
       extra export tables is the same as /etc/exports

EXAMPLE         top

       # sample /etc/exports file
       /               master(rw) trusty(rw,no_root_squash)
       /projects       proj*.local.domain(rw)
       /usr            *.local.domain(ro) @trusted(rw)
       /home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
       /pub            *(ro,insecure,all_squash)
       /srv/www        -sync,rw server @trusted @external(ro)
       /foo            2001:db8:9:e54::/64(rw) 192.0.2.0/24(rw)
       /build          buildhost[0-9].local.domain(rw)

       The first line exports the entire filesystem to machines master and
       trusty.  In addition to write access, all uid squashing is turned off
       for host trusty. The second and third entry show examples for
       wildcard hostnames and netgroups (this is the entry `@trusted'). The
       fourth line shows the entry for the PC/NFS client discussed above.
       Line 5 exports the public FTP directory to every host in the world,
       executing all requests under the nobody account. The insecure option
       in this entry also allows clients with NFS implementations that don't
       use a reserved port for NFS.  The sixth line exports a directory
       read-write to the machine 'server' as well as the `@trusted'
       netgroup, and read-only to netgroup `@external', all three mounts
       with the `sync' option enabled. The seventh line exports a directory
       to both an IPv6 and an IPv4 subnet. The eighth line demonstrates a
       character class wildcard match.

FILES         top

       /etc/exports /etc/exports.d

状态验证

/etc/init.d/nfs-kernel-server status

service nfs-kernel-server status
nfsstat(8)                 System Manager's Manual                nfsstat(8)

NAME         top

       nfsstat - list NFS statistics

SYNOPSIS         top

       nfsstat [OPTION]...

DESCRIPTION         top

       The nfsstat displays statistics kept about NFS client and server
       activity.

OPTIONS         top

       -s, --server
              Print only server-side statistics. The default is to print
              both server and client statistics.

       -c, --client
              Print only client-side statistics.

       -n, --nfs
              Print only NFS statistics. The default is to print both NFS
              and RPC information.

       -2     Print only NFS v2 statistics. The default is to only print
              information about the versions of NFS that have non-zero
              counts.

       -3     Print only NFS v3 statistics. The default is to only print
              information about the versions of NFS that have non-zero
              counts.

       -4     Print only NFS v4 statistics. The default is to only print
              information about the versions of NFS that have non-zero
              counts.

       -m, --mounts
              Print information about each of the mounted NFS file systems.

              If this option is used, all other options are ignored.

       -r, --rpc
              Print only RPC statistics.

       -o facility
              Display statistics for the specified facility, which must be
              one of:

              nfs    NFS protocol information, split up by RPC call.

              rpc    General RPC information.

              net    Network layer statistics, such as the number of
                     received packets, number of TCP connections, etc.

              fh     Usage information on the server's file handle cache,
                     including the total number of lookups, and the number
                     of hits and misses.

              rc     Usage information on the server's request reply cache,
                     including the total number of lookups, and the number
                     of hits and misses.

              io     Usage information on the server's io statistics; bytes
                     read and written.

              ra     Usage information on the server's read ahead cache,
                     including the ra cache size, the depth of ra cache
                     hits, and ra cache misses.

              all    Display all of the above facilities.

       -v, --verbose
              This is equivalent to -o all.

       -l, --list
              Print information in list form.

       -S, --since file
              Instead of printing current statistics, nfsstat imports
              statistics from file and displays the difference between those
              and the current statistics.  Valid input files may be in the
              form of /proc/net/rpc/nfs (raw client stats),
              /proc/net/rpc/nfsd (raw server stats), or saved output from
              nfsstat itself (client and/or server stats).   Any statistics
              missing from a saved nfsstat output file are treated as
              zeroes.

       -Z[interval], --sleep=[interval]
              Instead of printing current statistics and immediately
              exiting, nfsstat takes a snapshot of the current statistics
              and pauses until it receives SIGINT (typically from Ctrl-C),
              at which point it takes another snapshot and displays the
              difference between the two.  If interval is specified, nfsstat
              will print the number of NFS calls made since the previous
              report.  Stats will be printed repeatedly every interval
              seconds.

EXAMPLES         top

       nfsstat -o all -234
              Show all information about all versions of NFS.

       nfsstat --verbose -234
              Same as above.

       nfsstat -o all
              Show all information about active versions of NFS.

       nfsstat --nfs --server -3
              Show statistics for NFS version 3 server.

       nfsstat -m
              Show information about mounted NFS filesystems.

DISPLAY         top

       The Flags output from the -m option is the same as the flags give to
       the mount command.

FILES         top

       /proc/net/rpc/nfsd
              procfs-based interface to kernel NFS server statistics.

       /proc/net/rpc/nfs
              procfs-based interface to kernel NFS client statistics.

       /proc/mounts
              procfs-based interface to the mounted filesystems.

mount

NAME         top

       mount - mount a filesystem

SYNOPSIS         top

       mount [-h|-V]

       mount [-l] [-t fstype]

       mount -a [-fFnrsvw] [-t fstype] [-O optlist]

       mount [-fnrsvw] [-o options] device|mountpoint

       mount [-fnrsvw] [-t fstype] [-o options] device mountpoint

       mount --bind|--rbind|--move olddir newdir

       mount
       --make-{shared|slave|private|unbindable|rshared|rslave|rprivate|runbindable}
       mountpoint

DESCRIPTION         top

       All files accessible in a Unix system are arranged in one big tree,
       the file hierarchy, rooted at /.  These files can be spread out over
       several devices.  The mount command serves to attach the filesystem
       found on some device to the big file tree.  Conversely, the umount(8)
       command will detach it again.  The filesystem is used to control how
       data is stored on the device or provided in a virtual way by network
       or other services.

       The standard form of the mount command is:

              mount -t type device dir

       This tells the kernel to attach the filesystem found on device (which
       is of type type) at the directory dir.  The option -t type is
       optional.  The mount command is usually able to detect a filesystem.
       The root permissions are necessary to mount a filesystem by default.
       See section "Non-superuser mounts" below for more details.  The
       previous contents (if any) and owner and mode of dir become
       invisible, and as long as this filesystem remains mounted, the
       pathname dir refers to the root of the filesystem on device.

       If only the directory or the device is given, for example:

              mount /dir

       then mount looks for a mountpoint (and if not found then for a
       device) in the /etc/fstab file.  It's possible to use the --target or
       --source options to avoid ambiguous interpretation of the given
       argument.  For example:

              mount --target /mountpoint

       The same filesystem may be mounted more than once, and in some cases
       (e.g., network filesystems) the same filesystem may be mounted on the
       same mountpoint multiple times. The mount command does not implement
       any policy to control this behavior. All behavior is controlled by
       the kernel and it is usually specific to the filesystem driver. The
       exception is --all, in this case already mounted filesystems are
       ignored (see --all below for more details).

   Listing the mounts
       The listing mode is maintained for backward compatibility only.

       For more robust and customizable output use findmnt(8), especially in
       your scripts.  Note that control characters in the mountpoint name
       are replaced with '?'.

       The following command lists all mounted filesystems (of type type):

              mount [-l] [-t type]

       The option -l adds labels to this listing.  See below.

   Indicating the device and filesystem
       Most devices are indicated by a filename (of a block special device),
       like /dev/sda1, but there are other possibilities.  For example, in
       the case of an NFS mount, device may look like knuth.cwi.nl:/dir.

       The device names of disk partitions are unstable; hardware
       reconfiguration, and adding or removing a device can cause changes in
       names.  This is the reason why it's strongly recommended to use
       filesystem or partition identifiers like UUID or LABEL. Currently
       supported identifiers (tags):

              LABEL=label
                     Human readable filesystem identifier. See also -L.

              UUID=uuid
                     Filesystem universally unique identifier. The format of
                     the UUID is usually a series of hex digits separated by
                     hyphens. See also -U.

                     Note that mount(8) uses UUIDs as strings.  The UUIDs
                     from the command line or from fstab(5) are not
                     converted to internal binary representation.  The
                     string representation of the UUID should be based on
                     lower case characters.

              PARTLABEL=label
                     Human readable partition identifier.  This identifier
                     is independent on filesystem and does not change by
                     mkfs or mkswap operations It's supported for example
                     for GUID Partition Tables (GPT).

              PARTUUID=uuid
                     Partition universally unique identifier.  This
                     identifier is independent on filesystem and does not
                     change by mkfs or mkswap operations  It's supported for
                     example for GUID Partition Tables (GPT).

              ID=id  Hardware block device ID as generated by udevd.  This
                     identifier is usually based on WWN (unique storage
                     identifier) and assigned by the hardware manufacturer.
                     See ls /dev/disk/by-id for more details, this directory
                     and running udevd is required.  This identifier is not
                     recommended for generic use as the identifier is not
                     strictly defined and it depends on udev, udev rules and
                     hardware.

       The command lsblk --fs provides an overview of filesystems, LABELs
       and UUIDs on available block devices.  The command blkid -p <device>
       provides details about a filesystem on the specified device.

       Don't forget that there is no guarantee that UUIDs and labels are
       really unique, especially if you move, share or copy the device.  Use
       lsblk -o +UUID,PARTUUID to verify that the UUIDs are really unique in
       your system.

       The recommended setup is to use tags (e.g. UUID=uuid) rather than
       /dev/disk/by-{label,uuid,id,partuuid,partlabel} udev symlinks in the
       /etc/fstab file.  Tags are more readable, robust and portable.  The
       mount(8) command internally uses udev symlinks, so the use of
       symlinks in /etc/fstab has no advantage over tags.  For more details
       see libblkid(3).

       The proc filesystem is not associated with a special device, and when
       mounting it, an arbitrary keyword—for example, proc—can be used
       instead of a device specification.  (The customary choice none is
       less fortunate: the error message `none already mounted' from mount
       can be confusing.)

   The files /etc/fstab, /etc/mtab and /proc/mounts
       The file /etc/fstab (see fstab(5)), may contain lines describing what
       devices are usually mounted where, using which options.  The default
       location of the fstab(5) file can be overridden with the --fstab path
       command-line option (see below for more details).

       The command

              mount -a [-t type] [-O optlist]

       (usually given in a bootscript) causes all filesystems mentioned in
       fstab (of the proper type and/or having or not having the proper
       options) to be mounted as indicated, except for those whose line
       contains the noauto keyword.  Adding the -F option will make mount
       fork, so that the filesystems are mounted in parallel.

       When mounting a filesystem mentioned in fstab or mtab, it suffices to
       specify on the command line only the device, or only the mount point.

       The programs mount and umount traditionally maintained a list of
       currently mounted filesystems in the file /etc/mtab.  The support for
       regular classic /etc/mtab is completely disabled at compile time by
       default, because on current Linux systems it is better to make
       /etc/mtab a symlink to /proc/mounts instead. The regular mtab file
       maintained in userspace cannot reliably work with namespaces,
       containers and other advanced Linux features.  If the regular mtab
       support is enabled, then it's possible to use the file as well as the
       symlink.

       If no arguments are given to mount, the list of mounted filesystems
       is printed.

       If you want to override mount options from /etc/fstab, you have to
       use the -o option:

              mount device|dir -o options

       and then the mount options from the command line will be appended to
       the list of options from /etc/fstab.  This default behaviour can be
       changed using the --options-mode command-line option.  The usual
       behavior is that the last option wins if there are conflicting ones.

       The mount program does not read the /etc/fstab file if both device
       (or LABEL, UUID, ID, PARTUUID or PARTLABEL) and dir are specified.
       For example, to mount device foo at /dir:

              mount /dev/foo /dir

       This default behaviour can be changed by using the
       --options-source-force command-line option to always read
       configuration from fstab.  For non-root users mount always reads the
       fstab configuration.

   Non-superuser mounts
       Normally, only the superuser can mount filesystems.  However, when
       fstab contains the user option on a line, anybody can mount the
       corresponding filesystem.

       Thus, given a line

              /dev/cdrom  /cd  iso9660  ro,user,noauto,unhide

       any user can mount the iso9660 filesystem found on an inserted CDROM
       using the command:

              mount /cd

       Note that mount is very strict about non-root users and all paths
       specified on command line are verified before fstab is parsed or a
       helper program is executed. It's strongly recommended to use a valid
       mountpoint to specify filesystem, otherwise mount may fail. For
       example it's a bad idea to use NFS or CIFS source on command line.

       Since util-linux 2.35, mount does not exit when user permissions are
       inadequate according to libmount's internal security rules.  Instead,
       it drops suid permissions and continues as regular non-root user.
       This behavior supports use-cases where root permissions are not
       necessary (e.g., fuse filesystems, user namespaces, etc).

       For more details, see fstab(5).  Only the user that mounted a
       filesystem can unmount it again.  If any user should be able to
       unmount it, then use users instead of user in the fstab line.  The
       owner option is similar to the user option, with the restriction that
       the user must be the owner of the special file.  This may be useful
       e.g. for /dev/fd if a login script makes the console user owner of
       this device.  The group option is similar, with the restriction that
       the user must be a member of the group of the special file.

   Bind mount operation
       Remount part of the file hierarchy somewhere else.  The call is:

              mount --bind olddir newdir

       or by using this fstab entry:

              /olddir /newdir none bind

       After this call the same contents are accessible in two places.

       It is important to understand that "bind" does not create any second-
       class or special node in the kernel VFS. The "bind" is just another
       operation to attach a filesystem. There is nowhere stored information
       that the filesystem has been attached by a "bind" operation. The
       olddir and newdir are independent and the olddir may be unmounted.

       One can also remount a single file (on a single file).  It's also
       possible to use a bind mount to create a mountpoint from a regular
       directory, for example:

              mount --bind foo foo

       The bind mount call attaches only (part of) a single filesystem, not
       possible submounts.  The entire file hierarchy including submounts
       can be attached a second place by using:

              mount --rbind olddir newdir

       Note that the filesystem mount options maintained by the kernel will
       remain the same as those on the original mount point.  The userspace
       mount options (e.g., _netdev) will not be copied by mount and it's
       necessary to explicitly specify the options on the mount command
       line.

       Since util-linux 2.27 mount(8) permits changing the mount options by
       passing the relevant options along with --bind.  For example:

              mount -o bind,ro foo foo

       This feature is not supported by the Linux kernel; it is implemented
       in userspace by an additional mount(2) remounting system call.  This
       solution is not atomic.

       The alternative (classic) way to create a read-only bind mount is to
       use the remount operation, for example:

              mount --bind olddir newdir
              mount -o remount,bind,ro olddir newdir

       Note that a read-only bind will create a read-only mountpoint (VFS
       entry), but the original filesystem superblock will still be
       writable, meaning that the olddir will be writable, but the newdir
       will be read-only.

       It's also possible to change nosuid, nodev, noexec, noatime,
       nodiratime and relatime VFS entry flags via a "remount,bind"
       operation.  The other flags (for example filesystem-specific flags)
       are silently ignored.  It's impossible to change mount options
       recursively (for example with -o rbind,ro).

       Since util-linux 2.31, mount ignores the bind flag from /etc/fstab on
       a remount operation (if "-o remount" is specified on command line).
       This is necessary to fully control mount options on remount by
       command line. In previous versions the bind flag has been always
       applied and it was impossible to re-define mount options without
       interaction with the bind semantic. This mount(8) behavior does not
       affect situations when "remount,bind" is specified in the /etc/fstab
       file.

   The move operation
       Move a mounted tree to another place (atomically).  The call is:

              mount --move olddir newdir

       This will cause the contents which previously appeared under olddir
       to now be accessible under newdir.  The physical location of the
       files is not changed.  Note that olddir has to be a mountpoint.

       Note also that moving a mount residing under a shared mount is
       invalid and unsupported.  Use findmnt -o TARGET,PROPAGATION to see
       the current propagation flags.

   Shared subtree operations
       Since Linux 2.6.15 it is possible to mark a mount and its submounts
       as shared, private, slave or unbindable.  A shared mount provides the
       ability to create mirrors of that mount such that mounts and unmounts
       within any of the mirrors propagate to the other mirror.  A slave
       mount receives propagation from its master, but not vice versa.  A
       private mount carries no propagation abilities.  An unbindable mount
       is a private mount which cannot be cloned through a bind operation.
       The detailed semantics are documented in
       Documentation/filesystems/sharedsubtree.txt file in the kernel source
       tree; see also mount_namespaces(7).

       Supported operations are:

              mount --make-shared mountpoint
              mount --make-slave mountpoint
              mount --make-private mountpoint
              mount --make-unbindable mountpoint

       The following commands allow one to recursively change the type of
       all the mounts under a given mountpoint.

              mount --make-rshared mountpoint
              mount --make-rslave mountpoint
              mount --make-rprivate mountpoint
              mount --make-runbindable mountpoint

       mount(8) does not read fstab(5) when a --make-* operation is
       requested.  All necessary information has to be specified on the
       command line.

       Note that the Linux kernel does not allow changing multiple
       propagation flags with a single mount(2) system call, and the flags
       cannot be mixed with other mount options and operations.

       Since util-linux 2.23 the mount command can be used to do more
       propagation (topology) changes by one mount(8) call and do it also
       together with other mount operations.  This feature is EXPERIMENTAL.
       The propagation flags are applied by additional mount(2) system calls
       when the preceding mount operations were successful.  Note that this
       use case is not atomic.  It is possible to specify the propagation
       flags in fstab(5) as mount options (private, slave, shared,
       unbindable, rprivate, rslave, rshared, runbindable).

       For example:

              mount --make-private --make-unbindable /dev/sda1 /foo

       is the same as:

              mount /dev/sda1 /foo
              mount --make-private /foo
              mount --make-unbindable /foo

COMMAND-LINE OPTIONS         top

       The full set of mount options used by an invocation of mount is
       determined by first extracting the mount options for the filesystem
       from the fstab table, then applying any options specified by the -o
       argument, and finally applying a -r or -w option, when present.

       The mount command does not pass all command-line options to the
       /sbin/mount.suffix mount helpers.  The interface between mount and
       the mount helpers is described below in the section EXTERNAL HELPERS.

       Command-line options available for the mount command are:

       -a, --all
              Mount all filesystems (of the given types) mentioned in fstab
              (except for those whose line contains the noauto keyword).
              The filesystems are mounted following their order in fstab.
              The mount command compares filesystem source, target (and fs
              root for bind mount or btrfs) to detect already mounted
              filesystems. The kernel table with already mounted filesystems
              is cached during mount --all. This means that all duplicated
              fstab entries will be mounted.

              The option --all is possible to use for remount operation too.
              In this case all filters (-t and -O) are applied to the table
              of already mounted filesystems.

              Since version 2.35 is possible to use the command line option
              -o to alter mount options from fstab (see also
              --options-mode).

              Note that it is a bad practice to use mount -a for fstab
              checking. The recommended solution is findmnt --verify.

       -B, --bind
              Remount a subtree somewhere else (so that its contents are
              available in both places).  See above, under Bind mounts.

       -c, --no-canonicalize
              Don't canonicalize paths.  The mount command canonicalizes all
              paths (from the command line or fstab) by default.  This
              option can be used together with the -f flag for already
              canonicalized absolute paths.  The option is designed for
              mount helpers which call mount -i.  It is strongly recommended
              to not use this command-line option for normal mount
              operations.

              Note that mount(8) does not pass this option to the
              /sbin/mount.type helpers.

       -F, --fork
              (Used in conjunction with -a.)  Fork off a new incarnation of
              mount for each device.  This will do the mounts on different
              devices or different NFS servers in parallel.  This has the
              advantage that it is faster; also NFS timeouts proceed in
              parallel.  A disadvantage is that the order of the mount
              operations is undefined.  Thus, you cannot use this option if
              you want to mount both /usr and /usr/spool.

       -f, --fake
              Causes everything to be done except for the actual system
              call; if it's not obvious, this ``fakes'' mounting the
              filesystem.  This option is useful in conjunction with the -v
              flag to determine what the mount command is trying to do.  It
              can also be used to add entries for devices that were mounted
              earlier with the -n option.  The -f option checks for an
              existing record in /etc/mtab and fails when the record already
              exists (with a regular non-fake mount, this check is done by
              the kernel).

       -i, --internal-only
              Don't call the /sbin/mount.filesystem helper even if it
              exists.

       -L, --label label
              Mount the partition that has the specified label.

       -l, --show-labels
              Add the labels in the mount output.  mount must have
              permission to read the disk device (e.g. be set-user-ID root)
              for this to work.  One can set such a label for ext2, ext3 or
              ext4 using the e2label(8) utility, or for XFS using
              xfs_admin(8), or for reiserfs using reiserfstune(8).

       -M, --move
              Move a subtree to some other place.  See above, the subsection
              The move operation.

       -n, --no-mtab
              Mount without writing in /etc/mtab.  This is necessary for
              example when /etc is on a read-only filesystem.

       -N, --namespace ns
              Perform the mount operation in the mount namespace specified
              by ns.  ns is either PID of process running in that namespace
              or special file representing that namespace.

              mount(8) switches to the mount namespace when it reads
              /etc/fstab, writes /etc/mtab (or writes to /run/mount) and
              calls the mount(2) system call, otherwise it runs in the
              original mount namespace.  This means that the target
              namespace does not have to contain any libraries or other
              requirements necessary to execute the mount(2) call.

              See mount_namespaces(7) for more information.

       -O, --test-opts opts
              Limit the set of filesystems to which the -a option applies.
              In this regard it is like the -t option except that -O is
              useless without -a.  For example, the command:

                     mount -a -O no_netdev

              mounts all filesystems except those which have the option
              _netdev specified in the options field in the /etc/fstab file.

              It is different from -t in that each option is matched
              exactly; a leading no at the beginning of one option does not
              negate the rest.

              The -t and -O options are cumulative in effect; that is, the
              command

                     mount -a -t ext2 -O _netdev

              mounts all ext2 filesystems with the _netdev option, not all
              filesystems that are either ext2 or have the _netdev option
              specified.

       -o, --options opts
              Use the specified mount options.  The opts argument is a
              comma-separated list.  For example:

                     mount LABEL=mydisk -o noatime,nodev,nosuid

              For more details, see the FILESYSTEM-INDEPENDENT MOUNT OPTIONS
              and FILESYSTEM-SPECIFIC MOUNT OPTIONS sections.

       --options-mode mode
              Controls how to combine options from fstab/mtab with options
              from the command line.  mode can be one of ignore, append,
              prepend or replace.  For example, append means that options
              from fstab are appended to options from the command line.  The
              default value is prepend -- it means command line options are
              evaluated after fstab options.  Note that the last option wins
              if there are conflicting ones.

       --options-source source
              Source of default options.  source is a comma-separated list
              of fstab, mtab and disable.  disable disables fstab and mtab
              and disables --options-source-force.  The default value is
              fstab,mtab.

       --options-source-force
              Use options from fstab/mtab even if both device and dir are
              specified.

       -R, --rbind
              Remount a subtree and all possible submounts somewhere else
              (so that its contents are available in both places).  See
              above, the subsection Bind mounts.

       -r, --read-only
              Mount the filesystem read-only.  A synonym is -o ro.

              Note that, depending on the filesystem type, state and kernel
              behavior, the system may still write to the device.  For
              example, ext3 and ext4 will replay the journal if the
              filesystem is dirty.  To prevent this kind of write access,
              you may want to mount an ext3 or ext4 filesystem with the
              ro,noload mount options or set the block device itself to
              read-only mode, see the blockdev(8) command.

       -s     Tolerate sloppy mount options rather than failing.  This will
              ignore mount options not supported by a filesystem type.  Not
              all filesystems support this option.  Currently it's supported
              by the mount.nfs mount helper only.

       --source device
              If only one argument for the mount command is given, then the
              argument might be interpreted as the target (mountpoint) or
              source (device).  This option allows you to explicitly define
              that the argument is the mount source.

       --target directory
              If only one argument for the mount command is given, then the
              argument might be interpreted as the target (mountpoint) or
              source (device).  This option allows you to explicitly define
              that the argument is the mount target.

       --target-prefix directory
              Prepend the specified directory to all mount targets.  This
              option can be used to follow fstab, but mount operations are
              done in another place, for example:

                     mount --all --target-prefix /chroot -o X-mount.mkdir

              mounts all from system fstab to /chroot, all missing
              mountpoint are created (due to X-mount.mkdir).  See also
              --fstab to use an alternative fstab.

       -T, --fstab path
              Specifies an alternative fstab file.  If path is a directory,
              then the files in the directory are sorted by strverscmp(3);
              files that start with "." or without an .fstab extension are
              ignored.  The option can be specified more than once.  This
              option is mostly designed for initramfs or chroot scripts
              where additional configuration is specified beyond standard
              system configuration.

              Note that mount(8) does not pass the option --fstab to the
              /sbin/mount.type helpers, meaning that the alternative fstab
              files will be invisible for the helpers.  This is no problem
              for normal mounts, but user (non-root) mounts always require
              fstab to verify the user's rights.

       -t, --types fstype
              The argument following the -t is used to indicate the
              filesystem type.  The filesystem types which are currently
              supported depend on the running kernel.  See /proc/filesystems
              and /lib/modules/$(uname -r)/kernel/fs for a complete list of
              the filesystems.  The most common are ext2, ext3, ext4, xfs,
              btrfs, vfat, sysfs, proc, nfs and cifs.

              The programs mount and umount support filesystem subtypes.
              The subtype is defined by a '.subtype' suffix.  For example
              'fuse.sshfs'.  It's recommended to use subtype notation rather
              than add any prefix to the mount source (for example
              'sshfs#example.com' is deprecated).

              If no -t option is given, or if the auto type is specified,
              mount will try to guess the desired type.  Mount uses the
              blkid library for guessing the filesystem type; if that does
              not turn up anything that looks familiar, mount will try to
              read the file /etc/filesystems, or, if that does not exist,
              /proc/filesystems.  All of the filesystem types listed there
              will be tried, except for those that are labeled "nodev" (e.g.
              devpts, proc and nfs).  If /etc/filesystems ends in a line
              with a single *, mount will read /proc/filesystems afterwards.
              While trying, all filesystem types will be mounted with the
              mount option silent.

              The auto type may be useful for user-mounted floppies.
              Creating a file /etc/filesystems can be useful to change the
              probe order (e.g., to try vfat before msdos or ext3 before
              ext2) or if you use a kernel module autoloader.

              More than one type may be specified in a comma-separated list,
              for the -t option as well as in an /etc/fstab entry.  The list
              of filesystem types for the -t option can be prefixed with no
              to specify the filesystem types on which no action should be
              taken.  The prefix no has no effect when specified in an
              /etc/fstab entry.

              The prefix no can be meaningful with the -a option.  For
              example, the command

                     mount -a -t nomsdos,smbfs

              mounts all filesystems except those of type msdos and smbfs.

              For most types all the mount program has to do is issue a
              simple mount(2) system call, and no detailed knowledge of the
              filesystem type is required.  For a few types however (like
              nfs, nfs4, cifs, smbfs, ncpfs) an ad hoc code is necessary.
              The nfs, nfs4, cifs, smbfs, and ncpfs filesystems have a
              separate mount program.  In order to make it possible to treat
              all types in a uniform way, mount will execute the program
              /sbin/mount.type (if that exists) when called with type type.
              Since different versions of the smbmount program have
              different calling conventions, /sbin/mount.smbfs may have to
              be a shell script that sets up the desired call.

       -U, --uuid uuid
              Mount the partition that has the specified uuid.

       -v, --verbose
              Verbose mode.

       -w, --rw, --read-write
              Mount the filesystem read/write.  Read-write is the kernel
              default and the mount default is to try read-only if the
              previous mount syscall with read-write flags on write-
              protected devices of filesystems failed.

              A synonym is -o rw.

              Note that specifying -w on the command line forces mount to
              never try read-only mount on write-protected devices or
              already mounted read-only filesystems.

       -V, --version
              Display version information and exit.

       -h, --help
              Display help text and exit.

FILESYSTEM-INDEPENDENT MOUNT OPTIONS         top

       Some of these options are only useful when they appear in the
       /etc/fstab file.

       Some of these options could be enabled or disabled by default in the
       system kernel.  To check the current setting see the options in
       /proc/mounts.  Note that filesystems also have per-filesystem
       specific default mount options (see for example tune2fs -l output for
       extN filesystems).

       The following options apply to any filesystem that is being mounted
       (but not every filesystem actually honors them – e.g., the sync
       option today has an effect only for ext2, ext3, ext4, fat, vfat, ufs
       and xfs):

       async  All I/O to the filesystem should be done asynchronously.  (See
              also the sync option.)

       atime  Do not use the noatime feature, so the inode access time is
              controlled by kernel defaults.  See also the descriptions of
              the relatime and strictatime mount options.

       noatime
              Do not update inode access times on this filesystem (e.g. for
              faster access on the news spool to speed up news servers).
              This works for all inode types (directories too), so it
              implies nodiratime.

       auto   Can be mounted with the -a option.

       noauto Can only be mounted explicitly (i.e., the -a option will not
              cause the filesystem to be mounted).

       context=context, fscontext=context, defcontext=context, and
       rootcontext=context
              The context= option is useful when mounting  filesystems  that
              do  not  support extended attributes, such as a floppy or hard
              disk formatted with VFAT, or systems  that  are  not  normally
              running  under SELinux, such as an ext3 or ext4 formatted disk
              from a non-SELinux workstation.  You can also use context=  on
              filesystems you do not trust, such as a floppy.  It also helps
              in compatibility with xattr-supporting filesystems on  earlier
              2.4.<x> kernel versions.  Even where xattrs are supported, you
              can save time not having to label every file by assigning  the
              entire disk one security context.

              A    commonly    used    option   for   removable   media   is
              context="system_u:object_r:removable_t".

              Two other options are  fscontext=  and  defcontext=,  both  of
              which  are  mutually  exclusive  of the context= option.  This
              means you can use fscontext and defcontext  with  each  other,
              but neither can be used with context.

              The fscontext= option works for all filesystems, regardless of
              their  xattr  support.   The   fscontext   option   sets   the
              overarching  filesystem  label to a specific security context.
              This filesystem label is separate from the  individual  labels
              on the files.  It represents the entire filesystem for certain
              kinds of permission checks,  such  as  during  mount  or  file
              creation.   Individual file labels are still obtained from the
              xattrs on the files themselves.  The context  option  actually
              sets   the  aggregate  context  that  fscontext  provides,  in
              addition to supplying the same label for individual files.

              You can set the default security context for  unlabeled  files
              using  defcontext=  option.   This overrides the value set for
              unlabeled files in the policy and requires a  filesystem  that
              supports xattr labeling.

              The  rootcontext=  option  allows  you to explicitly label the
              root inode of a FS being  mounted  before  that  FS  or  inode
              becomes visible to userspace.  This was found to be useful for
              things like stateless Linux.

              Note that the kernel rejects any remount request that includes
              the  context  option,  even  when  unchanged  from the current
              context.

              Warning: the context value might contain commas, in which case
              the  value  has to be properly quoted, otherwise mount(8) will
              interpret the comma as  a  separator  between  mount  options.
              Don't  forget that the shell strips off quotes and thus double
              quoting is required.  For example:

                     mount -t tmpfs none /mnt -o \
                       'context="system_u:object_r:tmp_t:s0:c127,c456",noexec'

              For more details, see selinux(8).

       defaults
              Use the default options: rw, suid, dev,  exec,  auto,  nouser,
              and async.

              Note that the real set of all default mount options depends on
              the kernel and filesystem type.  See  the  beginning  of  this
              section for more details.

       dev    Interpret   character   or   block   special  devices  on  the
              filesystem.

       nodev  Do not interpret character or block  special  devices  on  the
              filesystem.

       diratime
              Update  directory inode access times on this filesystem.  This
              is the default.  (This option is ignored when noatime is set.)

       nodiratime
              Do not update directory inode access times on this filesystem.
              (This option is implied when noatime is set.)

       dirsync
              All  directory  updates  within  the filesystem should be done
              synchronously.   This  affects  the  following  system  calls:
              creat, link, unlink, symlink, mkdir, rmdir, mknod and rename.

       exec   Permit execution of binaries.

       noexec Do  not permit direct execution of any binaries on the mounted
              filesystem.

       group  Allow an ordinary user to mount the filesystem if one of  that
              user's  groups  matches  the group of the device.  This option
              implies the options nosuid and  nodev  (unless  overridden  by
              subsequent options, as in the option line group,dev,suid).

       iversion
              Every  time the inode is modified, the i_version field will be
              incremented.

       noiversion
              Do not increment the i_version inode field.

       mand   Allow mandatory locks on this filesystem.  See fcntl(2).

       nomand Do not allow mandatory locks on this filesystem.

       _netdev
              The filesystem resides  on  a  device  that  requires  network
              access  (used  to  prevent the system from attempting to mount
              these filesystems until the network has been  enabled  on  the
              system).

       nofail Do not report errors for this device if it does not exist.

       relatime
              Update  inode  access times relative to modify or change time.
              Access time is only updated if the previous  access  time  was
              earlier  than  the current modify or change time.  (Similar to
              noatime, but it doesn't break mutt or other applications  that
              need  to  know  if a file has been read since the last time it
              was modified.)

              Since Linux  2.6.30,  the  kernel  defaults  to  the  behavior
              provided  by  this  option (unless noatime was specified), and
              the strictatime  option  is  required  to  obtain  traditional
              semantics.   In  addition, since Linux 2.6.30, the file's last
              access time is always updated if it is more than 1 day old.

       norelatime
              Do not use the relatime feature.   See  also  the  strictatime
              mount option.

       strictatime
              Allows  to  explicitly request full atime updates.  This makes
              it possible for the kernel to default to relatime  or  noatime
              but  still  allow  userspace to override it.  For more details
              about the default system mount options see /proc/mounts.

       nostrictatime
              Use the  kernel's  default  behavior  for  inode  access  time
              updates.

       lazytime
              Only  update  times  (atime,  mtime,  ctime)  on the in-memory
              version of the file inode.

              This mount option significantly reduces writes  to  the  inode
              table  for  workloads  that  perform frequent random writes to
              preallocated files.

              The on-disk timestamps are updated only when:

              - the inode needs to be updated for some change  unrelated  to
                file timestamps

              - the application employs fsync(2), syncfs(2), or sync(2)

              - an undeleted inode is evicted from memory

              - more  than 24 hours have passed since the i-node was written
                to disk.

       nolazytime
              Do not use the lazytime feature.

       suid   Honor set-user-ID and set-group-ID bits or  file  capabilities
              when executing programs from this filesystem.

       nosuid Do  not  honor  set-user-ID  and  set-group-ID  bits  or  file
              capabilities when executing programs from this filesystem.

       silent Turn on the silent flag.

       loud   Turn off the silent flag.

       owner  Allow an ordinary user to mount the filesystem if that user is
              the  owner  of  the  device.   This option implies the options
              nosuid and nodev (unless overridden by subsequent options,  as
              in the option line owner,dev,suid).

       remount
              Attempt  to  remount  an  already-mounted filesystem.  This is
              commonly used to change the  mount  flags  for  a  filesystem,
              especially  to  make  a readonly filesystem writable.  It does
              not change device or mount point.

              The remount operation together with the bind flag has  special
              semantics. See above, the subsection Bind mounts.

              The  remount  functionality follows the standard way the mount
              command works with options from fstab.  This means that  mount
              does  not  read  fstab (or mtab) only when both device and dir
              are specified.

                  mount -o remount,rw /dev/foo /dir

              After this  call  all  old  mount  options  are  replaced  and
              arbitrary  stuff  from  fstab (or mtab) is ignored, except the
              loop= option which is internally generated and  maintained  by
              the mount command.

                  mount -o remount,rw  /dir

              After  this  call,  mount reads fstab and merges these options
              with the options from the command line (-o).  If no mountpoint
              is  found  in fstab, then a remount with unspecified source is
              allowed.

              mount allows the use of --all to remount all  already  mounted
              filesystems  which  match a specified filter (-O and -t).  For
              example:

                  mount --all -o remount,ro -t vfat

              remounts all already mounted  vfat  filesystems  in  read-only
              mode.  Each  of  the  filesystems  is  remounted  by "mount -o
              remount,ro /dir" semantic.  This means the mount command reads
              fstab  or  mtab and merges these options with the options from
              the command line.

       ro     Mount the filesystem read-only.

       rw     Mount the filesystem read-write.

       sync   All I/O to the filesystem should be  done  synchronously.   In
              the  case of media with a limited number of write cycles (e.g.
              some flash drives), sync may cause life-cycle shortening.

       user   Allow an ordinary user to mount the filesystem.  The  name  of
              the  mounting  user  is  written  to  the mtab file (or to the
              private libmount file  in  /run/mount  on  systems  without  a
              regular   mtab)  so  that  this  same  user  can  unmount  the
              filesystem again.  This option  implies  the  options  noexec,
              nosuid, and nodev (unless overridden by subsequent options, as
              in the option line user,exec,dev,suid).

       nouser Forbid an ordinary user to mount the filesystem.  This is  the
              default; it does not imply any other options.

       users  Allow  any  user  to mount and to unmount the filesystem, even
              when some other ordinary user mounted it.  This option implies
              the  options  noexec,  nosuid, and nodev (unless overridden by
              subsequent    options,    as    in     the     option     line
              users,exec,dev,suid).

       X-*    All  options prefixed with "X-" are interpreted as comments or
              as userspace application-specific options.  These options  are
              not  stored  in  user space (e.g., mtab file), nor sent to the
              mount.type helpers nor  to  the  mount(2)  system  call.   The
              suggested format is X-appname.option.

       x-*    The same as X-* options, but stored permanently in user space.
              This means the options are also available for umount or  other
              operations.   Note  that  maintaining   mount  options in user
              space is tricky, because  it's  necessary  use  libmount-based
              tools  and  there  is  no  guarantee  that the options will be
              always available (for example after a move mount operation  or
              in unshared namespace).

              Note  that  before  util-linux  v2.30 the x-* options have not
              been  maintained  by  libmount  and  stored  in   user   space
              (functionality  was  the  same as for X-* now), but due to the
              growing number of use-cases  (in  initrd,  systemd  etc.)  the
              functionality   has  been  extended  to  keep  existing  fstab
              configurations usable without a change.

       X-mount.mkdir[=mode]
              Allow to make a target directory (mountpoint) if it  does  not
              exit yet.  The optional argument mode specifies the filesystem
              access mode used for mkdir(2) in octal notation.  The  default
              mode  is  0755.  This functionality is supported only for root
              users or when mount executed without  suid  permissions.   The
              option  is  also  supported as x-mount.mkdir, this notation is
              deprecated since v2.30.

FILESYSTEM-SPECIFIC MOUNT OPTIONS         top

       This section lists options that are specific to particular
       filesystems.  Where possible, you should first consult filesystem-
       specific manual pages for details.  Some of those pages are listed in
       the following table.

       Filesystem(s)      Manual page
       btrfs              btrfs(5)
       cifs               mount.cifs(8)
       ext2, ext3, ext4   ext4(5)
       fuse               fuse(8)
       nfs                nfs(5)
       tmpfs              tmpfs(5)
       xfs                xfs(5)

       Note that some of the pages listed above might be available only
       after you install the respective userland tools.

       The following options apply only to certain filesystems.  We sort
       them by filesystem.  All options follow the -o flag.

       What options are supported depends a bit on the running kernel.
       Further information may be available in filesystem-specific files in
       the kernel source subdirectory Documentation/filesystems.

   Mount options for adfs
       uid=value and gid=value
              Set the owner and group of the files in the filesystem
              (default: uid=gid=0).

       ownmask=value and othmask=value
              Set the permission mask for ADFS 'owner' permissions and
              'other' permissions, respectively (default: 0700 and 0077,
              respectively).  See also
              /usr/src/linux/Documentation/filesystems/adfs.rst.

   Mount options for affs
       uid=value and gid=value
              Set the owner and group of the root of the filesystem
              (default: uid=gid=0, but with option uid or gid without
              specified value, the UID and GID of the current process are
              taken).

       setuid=value and setgid=value
              Set the owner and group of all files.

       mode=value
              Set the mode of all files to value & 0777 disregarding the
              original permissions.  Add search permission to directories
              that have read permission.  The value is given in octal.

       protect
              Do not allow any changes to the protection bits on the
              filesystem.

       usemp  Set UID and GID of the root of the filesystem to the UID and
              GID of the mount point upon the first sync or umount, and then
              clear this option.  Strange...

       verbose
              Print an informational message for each successful mount.

       prefix=string
              Prefix used before volume name, when following a link.

       volume=string
              Prefix (of length at most 30) used before '/' when following a
              symbolic link.

       reserved=value
              (Default: 2.) Number of unused blocks at the start of the
              device.

       root=value
              Give explicitly the location of the root block.

       bs=value
              Give blocksize.  Allowed values are 512, 1024, 2048, 4096.

       grpquota|noquota|quota|usrquota
              These options are accepted but ignored.  (However, quota
              utilities may react to such strings in /etc/fstab.)

   Mount options for debugfs
       The debugfs filesystem is a pseudo filesystem, traditionally mounted
       on /sys/kernel/debug.  As of kernel version 3.4, debugfs has the
       following options:

       uid=n, gid=n
              Set the owner and group of the mountpoint.

       mode=value
              Sets the mode of the mountpoint.

   Mount options for devpts
       The devpts filesystem is a pseudo filesystem, traditionally mounted
       on /dev/pts.  In order to acquire a pseudo terminal, a process opens
       /dev/ptmx; the number of the pseudo terminal is then made available
       to the process and the pseudo terminal slave can be accessed as
       /dev/pts/<number>.

       uid=value and gid=value
              This sets the owner or the group of newly created pseudo
              terminals to the specified values.  When nothing is specified,
              they will be set to the UID and GID of the creating process.
              For example, if there is a tty group with GID 5, then gid=5
              will cause newly created pseudo terminals to belong to the tty
              group.

       mode=value
              Set the mode of newly created pseudo terminals to the
              specified value.  The default is 0600.  A value of mode=620
              and gid=5 makes "mesg y" the default on newly created pseudo
              terminals.

       newinstance
              Create a private instance of the devpts filesystem, such that
              indices of pseudo terminals allocated in this new instance are
              independent of indices created in other instances of devpts.

              All mounts of devpts without this newinstance option share the
              same set of pseudo terminal indices (i.e., legacy mode).  Each
              mount of devpts with the newinstance option has a private set
              of pseudo terminal indices.

              This option is mainly used to support containers in the Linux
              kernel.  It is implemented in Linux kernel versions starting
              with 2.6.29.  Further, this mount option is valid only if
              CONFIG_DEVPTS_MULTIPLE_INSTANCES is enabled in the kernel
              configuration.

              To use this option effectively, /dev/ptmx must be a symbolic
              link to pts/ptmx.  See Documentation/filesystems/devpts.txt in
              the Linux kernel source tree for details.

       ptmxmode=value

              Set the mode for the new ptmx device node in the devpts
              filesystem.

              With the support for multiple instances of devpts (see
              newinstance option above), each instance has a private ptmx
              node in the root of the devpts filesystem (typically
              /dev/pts/ptmx).

              For compatibility with older versions of the kernel, the
              default mode of the new ptmx node is 0000.  ptmxmode=value
              specifies a more useful mode for the ptmx node and is highly
              recommended when the newinstance option is specified.

              This option is only implemented in Linux kernel versions
              starting with 2.6.29.  Further, this option is valid only if
              CONFIG_DEVPTS_MULTIPLE_INSTANCES is enabled in the kernel
              configuration.

   Mount options for fat
       (Note: fat is not a separate filesystem, but a common part of the
       msdos, umsdos and vfat filesystems.)

       blocksize={512|1024|2048}
              Set blocksize (default 512).  This option is obsolete.

       uid=value and gid=value
              Set the owner and group of all files.  (Default: the UID and
              GID of the current process.)

       umask=value
              Set the umask (the bitmask of the permissions that are not
              present).  The default is the umask of the current process.
              The value is given in octal.

       dmask=value
              Set the umask applied to directories only.  The default is the
              umask of the current process.  The value is given in octal.

       fmask=value
              Set the umask applied to regular files only.  The default is
              the umask of the current process.  The value is given in
              octal.

       allow_utime=value
              This option controls the permission check of mtime/atime.

              20     If current process is in group of file's group ID, you
                     can change timestamp.

              2      Other users can change timestamp.

              The default is set from `dmask' option. (If the directory is
              writable, utime(2) is also allowed.  I.e. ~dmask & 022)

              Normally utime(2) checks that the current process is owner of
              the file, or that it has the CAP_FOWNER capability.  But FAT
              filesystems don't have UID/GID on disk, so the normal check is
              too inflexible.  With this option you can relax it.

       check=value
              Three different levels of pickiness can be chosen:

              r[elaxed]
                     Upper and lower case are accepted and equivalent, long
                     name parts are truncated (e.g. verylongname.foobar
                     becomes verylong.foo), leading and embedded spaces are
                     accepted in each name part (name and extension).

              n[ormal]
                     Like "relaxed", but many special characters (*, ?, <,
                     spaces, etc.) are rejected.  This is the default.

              s[trict]
                     Like "normal", but names that contain long parts or
                     special characters that are sometimes used on Linux but
                     are not accepted by MS-DOS (+, =, etc.) are rejected.

       codepage=value
              Sets the codepage for converting to shortname characters on
              FAT and VFAT filesystems.  By default, codepage 437 is used.

       conv=mode
              This option is obsolete and may fail or be ignored.

       cvf_format=module
              Forces the driver to use the CVF (Compressed Volume File)
              module cvf_module instead of auto-detection.  If the kernel
              supports kmod, the cvf_format=xxx option also controls on-
              demand CVF module loading.  This option is obsolete.

       cvf_option=option
              Option passed to the CVF module.  This option is obsolete.

       debug  Turn on the debug flag.  A version string and a list of
              filesystem parameters will be printed (these data are also
              printed if the parameters appear to be inconsistent).

       discard
              If set, causes discard/TRIM commands to be issued to the block
              device when blocks are freed.  This is useful for SSD devices
              and sparse/thinly-provisioned LUNs.

       dos1xfloppy
              If set, use a fallback default BIOS Parameter Block
              configuration, determined by backing device size.  These
              static parameters match defaults assumed by DOS 1.x for 160
              kiB, 180 kiB, 320 kiB, and 360 kiB floppies and floppy images.

       errors={panic|continue|remount-ro}
              Specify FAT behavior on critical errors: panic, continue
              without doing anything, or remount the partition in read-only
              mode (default behavior).

       fat={12|16|32}
              Specify a 12, 16 or 32 bit fat.  This overrides the automatic
              FAT type detection routine.  Use with caution!

       iocharset=value
              Character set to use for converting between 8 bit characters
              and 16 bit Unicode characters.  The default is iso8859-1.
              Long filenames are stored on disk in Unicode format.

       nfs={stale_rw|nostale_ro}
              Enable this only if you want to export the FAT filesystem over
              NFS.

              stale_rw: This option maintains an index (cache) of directory
              inodes which is used by the nfs-related code to improve look-
              ups.  Full file operations (read/write) over NFS are supported
              but with cache eviction at NFS server, this could result in
              spurious ESTALE errors.

              nostale_ro: This option bases the inode number and file handle
              on the on-disk location of a file in the FAT directory entry.
              This ensures that ESTALE will not be returned after a file is
              evicted from the inode cache.  However, it means that
              operations such as rename, create and unlink could cause file
              handles that previously pointed at one file to point at a
              different file, potentially causing data corruption.  For this
              reason, this option also mounts the filesystem readonly.

              To maintain backward compatibility, '-o nfs' is also accepted,
              defaulting to stale_rw.

       tz=UTC This option disables the conversion of timestamps between
              local time (as used by Windows on FAT) and UTC (which Linux
              uses internally).  This is particularly useful when mounting
              devices (like digital cameras) that are set to UTC in order to
              avoid the pitfalls of local time.

       time_offset=minutes
              Set offset for conversion of timestamps from local time used
              by FAT to UTC.  I.e., minutes will be subtracted from each
              timestamp to convert it to UTC used internally by Linux.  This
              is useful when the time zone set in the kernel via
              settimeofday(2) is not the time zone used by the filesystem.
              Note that this option still does not provide correct time
              stamps in all cases in presence of DST - time stamps in a
              different DST setting will be off by one hour.

       quiet  Turn on the quiet flag.  Attempts to chown or chmod files do
              not return errors, although they fail.  Use with caution!

       rodir  FAT has the ATTR_RO (read-only) attribute.  On Windows, the
              ATTR_RO of the directory will just be ignored, and is used
              only by applications as a flag (e.g. it's set for the
              customized folder).

              If you want to use ATTR_RO as read-only flag even for the
              directory, set this option.

       showexec
              If set, the execute permission bits of the file will be
              allowed only if the extension part of the name is .EXE, .COM,
              or .BAT.  Not set by default.

       sys_immutable
              If set, ATTR_SYS attribute on FAT is handled as IMMUTABLE flag
              on Linux.  Not set by default.

       flush  If set, the filesystem will try to flush to disk more early
              than normal.  Not set by default.

       usefree
              Use the "free clusters" value stored on FSINFO.  It'll be used
              to determine number of free clusters without scanning disk.
              But it's not used by default, because recent Windows don't
              update it correctly in some case.  If you are sure the "free
              clusters" on FSINFO is correct, by this option you can avoid
              scanning disk.

       dots, nodots, dotsOK=[yes|no]
              Various misguided attempts to force Unix or DOS conventions
              onto a FAT filesystem.

   Mount options for hfs
       creator=cccc, type=cccc
              Set the creator/type values as shown by the MacOS finder used
              for creating new files.  Default values: '????'.

       uid=n, gid=n
              Set the owner and group of all files.  (Default: the UID and
              GID of the current process.)

       dir_umask=n, file_umask=n, umask=n
              Set the umask used for all directories, all regular files, or
              all files and directories.  Defaults to the umask of the
              current process.

       session=n
              Select the CDROM session to mount.  Defaults to leaving that
              decision to the CDROM driver.  This option will fail with
              anything but a CDROM as underlying device.

       part=n Select partition number n from the device.  Only makes sense
              for CDROMs.  Defaults to not parsing the partition table at
              all.

       quiet  Don't complain about invalid mount options.

   Mount options for hpfs
       uid=value and gid=value
              Set the owner and group of all files. (Default: the UID and
              GID of the current process.)

       umask=value
              Set the umask (the bitmask of the permissions that are not
              present).  The default is the umask of the current process.
              The value is given in octal.

       case={lower|asis}
              Convert all files names to lower case, or leave them.
              (Default: case=lower.)

       conv=mode
              This option is obsolete and may fail or being ignored.

       nocheck
              Do not abort mounting when certain consistency checks fail.

   Mount options for iso9660
       ISO 9660 is a standard describing a filesystem structure to be used
       on CD-ROMs. (This filesystem type is also seen on some DVDs.  See
       also the udf filesystem.)

       Normal iso9660 filenames appear in an 8.3 format (i.e., DOS-like
       restrictions on filename length), and in addition all characters are
       in upper case.  Also there is no field for file ownership,
       protection, number of links, provision for block/character devices,
       etc.

       Rock Ridge is an extension to iso9660 that provides all of these
       UNIX-like features.  Basically there are extensions to each directory
       record that supply all of the additional information, and when Rock
       Ridge is in use, the filesystem is indistinguishable from a normal
       UNIX filesystem (except that it is read-only, of course).

       norock Disable the use of Rock Ridge extensions, even if available.
              Cf. map.

       nojoliet
              Disable the use of Microsoft Joliet extensions, even if
              available.  Cf. map.

       check={r[elaxed]|s[trict]}
              With check=relaxed, a filename is first converted to lower
              case before doing the lookup.  This is probably only
              meaningful together with norock and map=normal.  (Default:
              check=strict.)

       uid=value and gid=value
              Give all files in the filesystem the indicated user or group
              id, possibly overriding the information found in the Rock
              Ridge extensions.  (Default: uid=0,gid=0.)

       map={n[ormal]|o[ff]|a[corn]}
              For non-Rock Ridge volumes, normal name translation maps upper
              to lower case ASCII, drops a trailing `;1', and converts `;'
              to `.'.  With map=off no name translation is done.  See
              norock.  (Default: map=normal.)  map=acorn is like map=normal
              but also apply Acorn extensions if present.

       mode=value
              For non-Rock Ridge volumes, give all files the indicated mode.
              (Default: read and execute permission for everybody.)  Octal
              mode values require a leading 0.

       unhide Also show hidden and associated files.  (If the ordinary files
              and the associated or hidden files have the same filenames,
              this may make the ordinary files inaccessible.)

       block={512|1024|2048}
              Set the block size to the indicated value.  (Default:
              block=1024.)

       conv=mode
              This option is obsolete and may fail or being ignored.

       cruft  If the high byte of the file length contains other garbage,
              set this mount option to ignore the high order bits of the
              file length.  This implies that a file cannot be larger than
              16 MB.

       session=x
              Select number of session on multisession CD.

       sbsector=xxx
              Session begins from sector xxx.

       The following options are the same as for vfat and specifying them
       only makes sense when using discs encoded using Microsoft's Joliet
       extensions.

       iocharset=value
              Character set to use for converting 16 bit Unicode characters
              on CD to 8 bit characters.  The default is iso8859-1.

       utf8   Convert 16 bit Unicode characters on CD to UTF-8.

   Mount options for jfs
       iocharset=name
              Character set to use for converting from Unicode to ASCII.
              The default is to do no conversion.  Use iocharset=utf8 for
              UTF8 translations.  This requires CONFIG_NLS_UTF8 to be set in
              the kernel .config file.

       resize=value
              Resize the volume to value blocks.  JFS only supports growing
              a volume, not shrinking it.  This option is only valid during
              a remount, when the volume is mounted read-write.  The resize
              keyword with no value will grow the volume to the full size of
              the partition.

       nointegrity
              Do not write to the journal.  The primary use of this option
              is to allow for higher performance when restoring a volume
              from backup media.  The integrity of the volume is not
              guaranteed if the system abnormally ends.

       integrity
              Default.  Commit metadata changes to the journal.  Use this
              option to remount a volume where the nointegrity option was
              previously specified in order to restore normal behavior.

       errors={continue|remount-ro|panic}
              Define the behavior when an error is encountered.  (Either
              ignore errors and just mark the filesystem erroneous and
              continue, or remount the filesystem read-only, or panic and
              halt the system.)

       noquota|quota|usrquota|grpquota
              These options are accepted but ignored.

   Mount options for msdos
       See mount options for fat.  If the msdos filesystem detects an
       inconsistency, it reports an error and sets the file system read-
       only.  The filesystem can be made writable again by remounting it.

   Mount options for ncpfs
       Just like nfs, the ncpfs implementation expects a binary argument (a
       struct ncp_mount_data) to the mount system call.  This argument is
       constructed by ncpmount(8) and the current version of mount (2.12)
       does not know anything about ncpfs.

   Mount options for ntfs
       iocharset=name
              Character set to use when returning file names.  Unlike VFAT,
              NTFS suppresses names that contain nonconvertible characters.
              Deprecated.

       nls=name
              New name for the option earlier called iocharset.

       utf8   Use UTF-8 for converting file names.

       uni_xlate={0|1|2}
              For 0 (or `no' or `false'), do not use escape sequences for
              unknown Unicode characters.  For 1 (or `yes' or `true') or 2,
              use vfat-style 4-byte escape sequences starting with ":".
              Here 2 give a little-endian encoding and 1 a byteswapped
              bigendian encoding.

       posix=[0|1]
              If enabled (posix=1), the filesystem distinguishes between
              upper and lower case.  The 8.3 alias names are presented as
              hard links instead of being suppressed.  This option is
              obsolete.

       uid=value, gid=value and umask=value
              Set the file permission on the filesystem.  The umask value is
              given in octal.  By default, the files are owned by root and
              not readable by somebody else.

   Mount options for overlay
       Since Linux 3.18 the overlay pseudo filesystem implements a union
       mount for other filesystems.

       An overlay filesystem combines two filesystems - an upper filesystem
       and a lower filesystem.  When a name exists in both filesystems, the
       object in the upper filesystem is visible while the object in the
       lower filesystem is either hidden or, in the case of directories,
       merged with the upper object.

       The lower filesystem can be any filesystem supported by Linux and
       does not need to be writable.  The lower filesystem can even be
       another overlayfs.  The upper filesystem will normally be writable
       and if it is it must support the creation of trusted.* extended
       attributes, and must provide a valid d_type in readdir responses, so
       NFS is not suitable.

       A read-only overlay of two read-only filesystems may use any
       filesystem type.  The options lowerdir and upperdir are combined into
       a merged directory by using:

              mount -t overlay  overlay  \
                -olowerdir=/lower,upperdir=/upper,workdir=/work  /merged

       lowerdir=directory
              Any filesystem, does not need to be on a writable filesystem.

       upperdir=directory
              The upperdir is normally on a writable filesystem.

       workdir=directory
              The workdir needs to be an empty directory on the same
              filesystem as upperdir.

   Mount options for reiserfs
       Reiserfs is a journaling filesystem.

       conv   Instructs version 3.6 reiserfs software to mount a version 3.5
              filesystem, using the 3.6 format for newly created objects.
              This filesystem will no longer be compatible with reiserfs 3.5
              tools.

       hash={rupasov|tea|r5|detect}
              Choose which hash function reiserfs will use to find files
              within directories.

              rupasov
                     A hash invented by Yury Yu. Rupasov.  It is fast and
                     preserves locality, mapping lexicographically close
                     file names to close hash values.  This option should
                     not be used, as it causes a high probability of hash
                     collisions.

              tea    A Davis-Meyer function implemented by Jeremy
                     Fitzhardinge.  It uses hash permuting bits in the name.
                     It gets high randomness and, therefore, low probability
                     of hash collisions at some CPU cost.  This may be used
                     if EHASHCOLLISION errors are experienced with the r5
                     hash.

              r5     A modified version of the rupasov hash.  It is used by
                     default and is the best choice unless the filesystem
                     has huge directories and unusual file-name patterns.

              detect Instructs mount to detect which hash function is in use
                     by examining the filesystem being mounted, and to write
                     this information into the reiserfs superblock.  This is
                     only useful on the first mount of an old format
                     filesystem.

       hashed_relocation
              Tunes the block allocator.  This may provide performance
              improvements in some situations.

       no_unhashed_relocation
              Tunes the block allocator.  This may provide performance
              improvements in some situations.

       noborder
              Disable the border allocator algorithm invented by Yury Yu.
              Rupasov.  This may provide performance improvements in some
              situations.

       nolog  Disable journaling.  This will provide slight performance
              improvements in some situations at the cost of losing
              reiserfs's fast recovery from crashes.  Even with this option
              turned on, reiserfs still performs all journaling operations,
              save for actual writes into its journaling area.
              Implementation of nolog is a work in progress.

       notail By default, reiserfs stores small files and `file tails'
              directly into its tree.  This confuses some utilities such as
              LILO(8).  This option is used to disable packing of files into
              the tree.

       replayonly
              Replay the transactions which are in the journal, but do not
              actually mount the filesystem.  Mainly used by reiserfsck.

       resize=number
              A remount option which permits online expansion of reiserfs
              partitions.  Instructs reiserfs to assume that the device has
              number blocks.  This option is designed for use with devices
              which are under logical volume management (LVM).  There is a
              special resizer utility which can be obtained from
              ftp://ftp.namesys.com/pub/reiserfsprogs.

       user_xattr
              Enable Extended User Attributes.  See the attr(1) manual page.

       acl    Enable POSIX Access Control Lists.  See the acl(5) manual
              page.

       barrier=none / barrier=flush
              This disables / enables the use of write barriers in the
              journaling code.  barrier=none disables, barrier=flush enables
              (default).  This also requires an IO stack which can support
              barriers, and if reiserfs gets an error on a barrier write, it
              will disable barriers again with a warning.  Write barriers
              enforce proper on-disk ordering of journal commits, making
              volatile disk write caches safe to use, at some performance
              penalty.  If your disks are battery-backed in one way or
              another, disabling barriers may safely improve performance.

   Mount options for ubifs
       UBIFS is a flash filesystem which works on top of UBI volumes.  Note
       that atime is not supported and is always turned off.

       The device name may be specified as

              ubiX_Y UBI device number X, volume number Y

              ubiY   UBI device number 0, volume number Y

              ubiX:NAME
                     UBI device number X, volume with name NAME

              ubi:NAME
                     UBI device number 0, volume with name NAME

       Alternative !  separator may be used instead of :.

       The following mount options are available:

       bulk_read
              Enable bulk-read.  VFS read-ahead is disabled because it slows
              down the filesystem.  Bulk-Read is an internal optimization.
              Some flashes may read faster if the data are read at one go,
              rather than at several read requests.  For example, OneNAND
              can do "read-while-load" if it reads more than one NAND page.

       no_bulk_read
              Do not bulk-read.  This is the default.

       chk_data_crc
              Check data CRC-32 checksums.  This is the default.

       no_chk_data_crc.
              Do not check data CRC-32 checksums.  With this option, the
              filesystem does not check CRC-32 checksum for data, but it
              does check it for the internal indexing information.  This
              option only affects reading, not writing.  CRC-32 is always
              calculated when writing the data.

       compr={none|lzo|zlib}
              Select the default compressor which is used when new files are
              written.  It is still possible to read compressed files if
              mounted with the none option.

   Mount options for udf
       UDF is the "Universal Disk Format" filesystem defined by OSTA, the
       Optical Storage Technology Association, and is often used for DVD-
       ROM, frequently in the form of a hybrid UDF/ISO-9660 filesystem. It
       is, however, perfectly usable by itself on disk drives, flash drives
       and other block devices.  See also iso9660.

       uid=   Make all files in the filesystem belong to the given user.
              uid=forget can be specified independently of (or usually in
              addition to) uid=<user> and results in UDF not storing uids to
              the media. In fact the recorded uid is the 32-bit overflow uid
              -1 as defined by the UDF standard.  The value is given as
              either <user> which is a valid user name or the corresponding
              decimal user id, or the special string "forget".

       gid=   Make all files in the filesystem belong to the given group.
              gid=forget can be specified independently of (or usually in
              addition to) gid=<group> and results in UDF not storing gids
              to the media. In fact the recorded gid is the 32-bit overflow
              gid -1 as defined by the UDF standard.  The value is given as
              either <group> which is a valid group name or the
              corresponding decimal group id, or the special string
              "forget".

       umask= Mask out the given permissions from all inodes read from the
              filesystem.  The value is given in octal.

       mode=  If mode= is set the permissions of all non-directory inodes
              read from the filesystem will be set to the given mode. The
              value is given in octal.

       dmode= If dmode= is set the permissions of all directory inodes read
              from the filesystem will be set to the given dmode. The value
              is given in octal.

       bs=    Set the block size. Default value prior to kernel version
              2.6.30 was 2048. Since 2.6.30 and prior to 4.11 it was logical
              device block size with fallback to 2048. Since 4.11 it is
              logical block size with fallback to any valid block size
              between logical device block size and 4096.

              For other details see the mkudffs(8) 2.0+ manpage, sections
              COMPATIBILITY and BLOCK SIZE.

       unhide Show otherwise hidden files.

       undelete
              Show deleted files in lists.

       adinicb
              Embed data in the inode. (default)

       noadinicb
              Don't embed data in the inode.

       shortad
              Use short UDF address descriptors.

       longad Use long UDF address descriptors. (default)

       nostrict
              Unset strict conformance.

       iocharset=
              Set the NLS character set. This requires kernel compiled with
              CONFIG_UDF_NLS option.

       utf8   Set the UTF-8 character set.

   Mount options for debugging and disaster recovery
       novrs  Ignore the Volume Recognition Sequence and attempt to mount
              anyway.

       session=
              Select the session number for multi-session recorded optical
              media. (default= last session)

       anchor=
              Override standard anchor location. (default= 256)

       lastblock=
              Set the last block of the filesystem.

   Unused historical mount options that may be encountered and should be
       removed
       uid=ignore
              Ignored, use uid=<user> instead.

       gid=ignore
              Ignored, use gid=<group> instead.

       volume=
              Unimplemented and ignored.

       partition=
              Unimplemented and ignored.

       fileset=
              Unimplemented and ignored.

       rootdir=
              Unimplemented and ignored.

   Mount options for ufs
       ufstype=value
              UFS is a filesystem widely used in different operating
              systems.  The problem are differences among implementations.
              Features of some implementations are undocumented, so its hard
              to recognize the type of ufs automatically.  That's why the
              user must specify the type of ufs by mount option.  Possible
              values are:

              old    Old format of ufs, this is the default, read only.
                     (Don't forget to give the -r option.)

              44bsd  For filesystems created by a BSD-like system (NetBSD,
                     FreeBSD, OpenBSD).

              ufs2   Used in FreeBSD 5.x supported as read-write.

              5xbsd  Synonym for ufs2.

              sun    For filesystems created by SunOS or Solaris on Sparc.

              sunx86 For filesystems created by Solaris on x86.

              hp     For filesystems created by HP-UX, read-only.

              nextstep
                     For filesystems created by NeXTStep (on NeXT station)
                     (currently read only).

              nextstep-cd
                     For NextStep CDROMs (block_size == 2048), read-only.

              openstep
                     For filesystems created by OpenStep (currently read
                     only).  The same filesystem type is also used by Mac OS
                     X.

       onerror=value
              Set behavior on error:

              panic  If an error is encountered, cause a kernel panic.

              [lock|umount|repair]
                     These mount options don't do anything at present; when
                     an error is encountered only a console message is
                     printed.

   Mount options for umsdos
       See mount options for msdos.  The dotsOK option is explicitly killed
       by umsdos.

   Mount options for vfat
       First of all, the mount options for fat are recognized.  The dotsOK
       option is explicitly killed by vfat.  Furthermore, there are

       uni_xlate
              Translate unhandled Unicode characters to special escaped
              sequences.  This lets you backup and restore filenames that
              are created with any Unicode characters.  Without this option,
              a '?' is used when no translation is possible.  The escape
              character is ':' because it is otherwise invalid on the vfat
              filesystem.  The escape sequence that gets used, where u is
              the Unicode character, is: ':', (u & 0x3f), ((u>>6) & 0x3f),
              (u>>12).

       posix  Allow two files with names that only differ in case.  This
              option is obsolete.

       nonumtail
              First try to make a short name without sequence number, before
              trying name~num.ext.

       utf8   UTF8 is the filesystem safe 8-bit encoding of Unicode that is
              used by the console.  It can be enabled for the filesystem
              with this option or disabled with utf8=0, utf8=no or
              utf8=false.  If `uni_xlate' gets set, UTF8 gets disabled.

       shortname=mode
              Defines the behavior for creation and display of filenames
              which fit into 8.3 characters.  If a long name for a file
              exists, it will always be the preferred one for display.
              There are four modes:

              lower  Force the short name to lower case upon display; store
                     a long name when the short name is not all upper case.

              win95  Force the short name to upper case upon display; store
                     a long name when the short name is not all upper case.

              winnt  Display the short name as is; store a long name when
                     the short name is not all lower case or all upper case.

              mixed  Display the short name as is; store a long name when
                     the short name is not all upper case.  This mode is the
                     default since Linux 2.6.32.

   Mount options for usbfs
       devuid=uid and devgid=gid and devmode=mode
              Set the owner and group and mode of the device files in the
              usbfs filesystem (default: uid=gid=0, mode=0644).  The mode is
              given in octal.

       busuid=uid and busgid=gid and busmode=mode
              Set the owner and group and mode of the bus directories in the
              usbfs filesystem (default: uid=gid=0, mode=0555).  The mode is
              given in octal.

       listuid=uid and listgid=gid and listmode=mode
              Set the owner and group and mode of the file devices (default:
              uid=gid=0, mode=0444).  The mode is given in octal.

DM-VERITY SUPPORT (experimental)         top

       The device-mapper verity target provides read-only transparent
       integrity checking of block devices using kernel crypto API.  The
       mount command can open the dm-verity device and do the integrity
       verification before on the device filesystem is mounted.  Requires
       libcryptsetup with in libmount (optionally via dlopen).  If
       libcryptsetup supports extracting the root hash of an already mounted
       device, existing devices will be automatically reused in case of a
       match.  Mount options for dm-verity:

       verity.hashdevice=path
              Path to the hash tree device associated with the source volume
              to pass to dm-verity.

       verity.roothash=hex
              Hex-encoded hash of the root of verity.hashdevice Mutually
              exclusive with verity.roothashfile.

       verity.roothashfile=path
              Path to file containing the hex-encoded hash of the root of
              verity.hashdevice.  Mutually exclusive with verity.roothash.

       verity.hashoffset=offset
              If the hash tree device is embedded in the source volume,
              offset (default: 0) is used by dm-verity to get to the tree.

       verity.fecdevice=path
              Path to the Forward Error Correction (FEC) device associated
              with the source volume to pass to dm-verity.  Optional.
              Requires kernel built with CONFIG_DM_VERITY_FEC.

       verity.fecoffset=offset
              If the FEC device is embedded in the source volume, offset
              (default: 0) is used by dm-verity to get to the FEC area.
              Optional.

       verity.fecroots=value
              Parity bytes for FEC (default: 2). Optional.

       verity.roothashsig=path
              Path to pkcs7 signature of root hash hex string. Requires
              crypt_activate_by_signed_key() from cryptsetup and kernel
              built with CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG. For device
              reuse, signatures have to be either used by all mounts of a
              device or by none. Optional.

       Supported since util-linux v2.35.

       For example commands:

              mksquashfs /etc /tmp/etc.squashfs
              dd if=/dev/zero of=/tmp/etc.hash bs=1M count=10
              veritysetup format /tmp/etc.squashfs /tmp/etc.hash
              openssl smime -sign -in <hash> -nocerts -inkey private.key \
              -signer private.crt -noattr -binary -outform der -out /tmp/etc.p7
              mount -o verity.hashdevice=/tmp/etc.hash,verity.roothash=<hash>,\
              verity.roothashsig=/tmp/etc.p7 /tmp/etc.squashfs /mnt

       create squashfs image from /etc directory, verity hash device and
       mount verified filesystem image to /mnt.  The kernel will verify that
       the root hash is signed by a key from the kernel keyring if
       roothashsig is used.

LOOP-DEVICE SUPPORT         top

       One further possible type is a mount via the loop device.  For
       example, the command

              mount /tmp/disk.img /mnt -t vfat -o loop=/dev/loop3

       will set up the loop device /dev/loop3 to correspond to the file
       /tmp/disk.img, and then mount this device on /mnt.

       If no explicit loop device is mentioned (but just an option `-o loop'
       is given), then mount will try to find some unused loop device and
       use that, for example

              mount /tmp/disk.img /mnt -o loop

       The mount command automatically creates a loop device from a regular
       file if a filesystem type is not specified or the filesystem is known
       for libblkid, for example:

              mount /tmp/disk.img /mnt

              mount -t ext4 /tmp/disk.img /mnt

       This type of mount knows about three options, namely loop, offset and
       sizelimit, that are really options to losetup(8).  (These options can
       be used in addition to those specific to the filesystem type.)

       Since Linux 2.6.25 auto-destruction of loop devices is supported,
       meaning that any loop device allocated by mount will be freed by
       umount independently of /etc/mtab.

       You can also free a loop device by hand, using losetup -d or umount
       -d.

       Since util-linux v2.29, mount re-uses the loop device rather than
       initializing a new device if the same backing file is already used
       for some loop device with the same offset and sizelimit. This is
       necessary to avoid a filesystem corruption.

EXIT STATUS         top

       mount has the following exit status values (the bits can be ORed):

       0      success

       1      incorrect invocation or permissions

       2      system error (out of memory, cannot fork, no more loop
              devices)

       4      internal mount bug

       8      user interrupt

       16     problems writing or locking /etc/mtab

       32     mount failure

       64     some mount succeeded

              The command mount -a returns 0 (all succeeded), 32 (all
              failed), or 64 (some failed, some succeeded).

EXTERNAL HELPERS         top

       The syntax of external mount helpers is:

           /sbin/mount.suffix spec dir [-sfnv] [-N namespace] [-o options]
           [-t type.subtype]

       where the suffix is the filesystem type and the -sfnvoN options have
       the same meaning as the normal mount options.  The -t option is used
       for filesystems with subtypes support (for example /sbin/mount.fuse
       -t fuse.sshfs).

       The command mount does not pass the mount options unbindable,
       runbindable, private, rprivate, slave, rslave, shared, rshared, auto,
       noauto, comment, x-*, loop, offset and sizelimit to the
       mount.<suffix> helpers.  All other options are used in a comma-
       separated list as an argument to the -o option.

ENVIRONMENT         top

       LIBMOUNT_FSTAB=<path>
              overrides the default location of the fstab file (ignored for
              suid)

       LIBMOUNT_MTAB=<path>
              overrides the default location of the mtab file (ignored for
              suid)

       LIBMOUNT_DEBUG=all
              enables libmount debug output

       LIBBLKID_DEBUG=all
              enables libblkid debug output

       LOOPDEV_DEBUG=all
              enables loop device setup debug output

FILES         top

       See also "The files /etc/fstab, /etc/mtab and /proc/mounts" section
       above.

       /etc/fstab        filesystem table

       /run/mount        libmount private runtime directory

       /etc/mtab         table of mounted filesystems or symlink to
                         /proc/mounts

       /etc/mtab~        lock file (unused on systems with mtab symlink)

       /etc/mtab.tmp     temporary file (unused on systems with mtab
                         symlink)

       /etc/filesystems  a list of filesystem types to try

posted @ 2020-09-11 10:20  fndefbwefsowpvqfx  阅读(443)  评论(0编辑  收藏  举报