mount.fuse3(8) — Linux manual page

NAME | DESCRIPTION | DEFINITIONS | CONFIGURATION | OPTIONS | FUSE MODULES (STACKING) | SECURITY | NOTE | AUTHORS | SEE ALSO | COLOPHON

fuse(8)                  System Manager's Manual                 fuse(8)

NAME         top

       fuse - configuration and mount options for FUSE file systems

DESCRIPTION         top

       FUSE (Filesystem in Userspace) is a simple interface for
       userspace programs to export a virtual filesystem to the Linux
       kernel. FUSE also aims to provide a secure method for non
       privileged users to create and mount their own filesystem
       implementations.

DEFINITIONS         top

       FUSE   The in-kernel filesystem that forwards requests to a user-
              space process.

       filesystem
              The user-space process that responds to requests received
              from the kernel.

       libfuse
              The shared library that most (user-space) filesystems use
              to communicate with FUSE (the kernel filesystem). libfuse
              also provides the fusermount3 (or fusermount if you have
              older version of libfuse) helper to allow non-privileged
              users to mount filesystems.

       filesystem owner
              The user that starts the filesystem and instructs the
              kernel to associate it with a particular mountpoint. The
              latter is typically done by the filesystem itself on
              start-up. When using libfuse, this is done by calling the
              fusermount3 utility.

       client Any process that interacts with the mountpoint.

CONFIGURATION         top

       Some options regarding mount policy can be set in the file
       /etc/fuse.conf. Currently these options are:

       mount_max = NNN
              Set the maximum number of FUSE mounts allowed to non-root
              users. The default is 1000.

       user_allow_other
              Allow non-root users to specify the allow_other or
              allow_root mount options (see below).

       These limits are enforced by the fusermount3 helper, so they can
       be avoided by filesystems that run as root.

OPTIONS         top

       Most of the generic mount options described in mount are
       supported (ro, rw, suid, nosuid, dev, nodev, exec, noexec, atime,
       noatime, sync, async, dirsync). Filesystems are mounted with
       nodev,nosuid by default, which can only be overridden by a
       privileged user.

   General mount options:
       These are FUSE specific mount options that can be specified for
       all filesystems:

       default_permissions
              This option instructs the kernel to perform its own
              permission check instead of deferring all permission
              checking to the filesystem. The check by the kernel is
              done in addition to any permission checks by the
              filesystem, and both have to succeed for an operation to
              be allowed. The kernel performs a standard UNIX permission
              check (based on mode bits and ownership of the directory
              entry, and uid/gid of the client).

              This mount option is activated implicitly if the
              filesystem enables ACL support during the initial feature
              negotiation when opening the device fd. In this case, the
              kernel performs both ACL and standard unix permission
              checking.

              Filesystems that do not implement any permission checking
              should generally add this option internally.

       allow_other
              This option overrides the security measure restricting
              file access to the filesystem owner, so that all users
              (including root) can access the files.

       rootmode=M
              Specifies the file mode of the filesystem's root (in octal
              representation).

       blkdev Mount a filesystem backed by a block device.  This is a
              privileged option. The device must be specified with the
              fsname=NAME option.

       blksize=N
              Set the block size for the filesystem. This option is only
              valid for 'fuseblk' type mounts. The default is 512.

              In most cases, this option should not be specified by the
              filesystem owner but set internally by the filesystem.

       max_read=N
              With this option the maximum size of read operations can
              be set. The default is infinite, but typically the kernel
              enforces its own limit in addition to this one. A value of
              zero corresponds to no limit.

              This option should not be specified by the filesystem
              owner. The correct (or optimum) value depends on the
              filesystem implementation and should thus be set by the
              filesystem internally.

              This mount option is deprecated in favor of direct
              negotiation over the device fd (as done for e.g. the
              maximum size of write operations). For the time being,
              libfuse-using filesystems that want to limit the read size
              must therefore use this mount option and set the same
              value again in the init() handler.

       fd=N   The file descriptor to use for communication between the
              userspace filesystem and the kernel.  The file descriptor
              must have been obtained by opening the FUSE device
              (/dev/fuse).

              This option should not be specified by the filesystem
              owner. It is set by libfuse (or, if libfuse is not used,
              must be set by the filesystem itself).

       user_id=N
              group_id=N Specifies the numeric uid/gid of the mount
              owner.

              This option should not be specified by the filesystem
              owner. It is set by libfuse (or, if libfuse is not used,
              must be set by the filesystem itself).

       fsname=NAME
              Sets the filesystem source (first field in /etc/mtab). The
              default is the name of the filesystem process.

       subtype=TYPE
              Sets the filesystem type (third field in /etc/mtab). The
              default is the name of the filesystem process. If the
              kernel supports it, /etc/mtab and /proc/mounts will show
              the filesystem type as fuse.TYPE

              If the kernel doesn't support subtypes, the source field
              will be TYPE#NAME, or if fsname option is not specified,
              just TYPE.

   libfuse-specific mount options:
       These following options are not actually passed to the kernel but
       interpreted by libfuse. They can be specified for all filesystems
       that use libfuse:

       allow_root
              This option is similar to allow_other but file access is
              limited to the filesystem owner and root.  This option and
              allow_other are mutually exclusive.

       auto_unmount
              This option enables automatic release of the mountpoint if
              filesystem terminates for any reason. Normally the
              filesystem is responsible for releasing the mountpoint,
              which means that the mountpoint becomes inaccessible if
              the filesystem terminates without first unmounting.

              This option is dangerous and should only be used after
              careful consideration of the risks.

              Automatically unmounting the filesystem means that if the
              filesystem crashes the mountpoint may suddenly appear
              empty, which may have unintended consequences. For
              example, a running backup and mirroring program may
              conclude that all the data in the filesystem has been
              deleted and proceed to propagate this deletion to the
              backup / remote system. If the mountpoint instead becomes
              inaccessible (the default), most programs will behave
              correctly (report an error).

              This feature may also accidentally unmount the wrong
              filesystem due to race conditions. For example, if another
              filesystem was mounted underneath the same mountpoint, or
              if a new filesystem is mounted after the FUSE process has
              crashed, it may accidentally get unmounted.

              At the moment, this option implies that the filesystem
              will also be mounted with nodev and nosuid (even when
              mounted by root). This restriction may be lifted in the
              future.

   High-level mount options:
       These following options are not actually passed to the kernel but
       interpreted by libfuse. They can only be specified for
       filesystems that use the high-level libfuse API:

       kernel_cache
              This option disables flushing the cache of the file
              contents on every open(2).  This should only be enabled on
              filesystems, where the file data is never changed
              externally (not through the mounted FUSE filesystem).
              Thus it is not suitable for network filesystems and other
              "intermediate" filesystems.

              NOTE: if this option is not specified (and neither
              direct_io) data is still cached after the open(2), so a
              read(2) system call will not always initiate a read
              operation.

       auto_cache
              This option is an alternative to kernel_cache. Instead of
              unconditionally keeping cached data, the cached data is
              invalidated on open(2) if the modification time or the
              size of the file has changed since it was last opened.

       umask=M
              Override the permission bits in st_mode set by the
              filesystem. The resulting permission bits are the ones
              missing from the given umask value.  The value is given in
              octal representation.

       uid=N  Override the st_uid field set by the filesystem (N is
              numeric).

       gid=N  Override the st_gid field set by the filesystem (N is
              numeric).

       entry_timeout=T
              The timeout in seconds for which name lookups will be
              cached. The default is 1.0 second. For all the timeout
              options, it is possible to give fractions of a second as
              well (e.g. entry_timeout=2.8)

       negative_timeout=T
              The timeout in seconds for which a negative lookup will be
              cached. This means, that if file did not exist (lookup
              returned ENOENT), the lookup will only be redone after the
              timeout, and the file/directory will be assumed to not
              exist until then.  The default is 0.0 second, meaning that
              caching negative lookups are disabled.

       attr_timeout=T
              The timeout in seconds for which file/directory attributes
              are cached.  The default is 1.0 second.

       ac_attr_timeout=T
              The timeout in seconds for which file attributes are
              cached for the purpose of checking if auto_cache should
              flush the file data on  open. The default is the value of
              attr_timeout

       noforget

       remember=T
              Normally, libfuse assigns inodes to paths only for as long
              as the kernel is aware of them. With this option inodes
              are instead assigned for at least T seconds (or, in the
              case of noforget, the life-time of the filesystem). This
              will require more memory, but may be necessary when using
              applications that make use of inode numbers.

       modules=M1[:M2...]
              Add modules to the filesystem stack.  Modules are pushed
              in the order they are specified, with the original
              filesystem being on the bottom of the stack.

   mount.fuse3 options:
       These options are interpreted by mount.fuse3 and are thus only
       available when mounting a file system via mount.fuse3 (such as
       when mounting via the generic mount(1) command or /etc/fstab).
       Supported options are:

       setuid=USER
              Switch to USER and its primary group before launching the
              FUSE file system process. mount.fuse3 must be run as root
              or with CAP_SETUID and CAP_SETGID for this to work.

       drop_privileges
              Perform setup of the FUSE file descriptor and mounting the
              file system before launching the FUSE file system process.
              mount.fuse3 requires privilege to do so, i.e. must be run
              as root or at least with CAP_SYS_ADMIN and CAP_SETPCAP. It
              will launch the file system process fully unprivileged,
              i.e. without capabilities(7) and prctl(2) flags set up
              such that privileges can't be reacquired (e.g. via setuid
              or fscaps binaries). This reduces risk in the event of the
              FUSE file system process getting compromised by malicious
              file system data.

FUSE MODULES (STACKING)         top

       Modules are filesystem stacking support to high level API.
       Filesystem modules can be built into libfuse or loaded from
       shared object

   iconv
       Perform file name character set conversion.  Options are:

       from_code=CHARSET
              Character set to convert from (see iconv -l for a list of
              possible values). Default is UTF-8.

       to_code=CHARSET
              Character set to convert to.  Default is determined by the
              current locale.

   subdir
       Prepend a given directory to each path. Options are:

       subdir=DIR
              Directory to prepend to all paths.  This option is
              mandatory.

       rellinks
              Transform absolute symlinks into relative

       norellinks
              Do not transform absolute symlinks into relative.  This is
              the default.

SECURITY         top

       The fusermount3 program is installed set-user-gid to fuse. This
       is done to allow users from fuse group to mount their own
       filesystem implementations.  There must however be some
       limitations, in order to prevent Bad User from doing nasty
       things.  Currently those limitations are:

       1.     The user can only mount on a mountpoint, for which it has
              write permission

       2.     The mountpoint is not a sticky directory which isn't owned
              by the user (like /tmp usually is)

       3.     No other user (including root) can access the contents of
              the mounted filesystem.

NOTE         top

       FUSE filesystems are unmounted using the fusermount3(1) command
       (fusermount3 -u mountpoint).

AUTHORS         top

       FUSE is currently maintained by Nikolaus Rath <Nikolaus@rath.org>

       The original author of FUSE is Miklos Szeredi
       <mszeredi@inf.bme.hu>.

       This man page was originally written by Bastien Roucaries
       <roucaries.bastien+debian@gmail.com> for the Debian GNU/Linux
       distribution.

SEE ALSO         top

       fusermount3(1) fusermount(1) mount(8) fuse(4)

COLOPHON         top

       This page is part of the libfuse (Filesystem in Userspace)
       project.  Information about the project can be found at 
       ⟨https://github.com/libfuse/libfuse⟩.  If you have a bug report
       for this manual page, see
       ⟨https://github.com/libfuse/libfuse/issues⟩.  This page was
       obtained from the project's upstream Git repository
       ⟨https://github.com/libfuse/libfuse.git⟩ on 2024-06-14.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2024-06-13.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

                                                                 fuse(8)

Pages that refer to this page: fusermount3(1)mount(8)