mount.fuse3(8) — Linux manual page


fuse(8)                    System Manager's Manual                   fuse(8)

NAME         top

       fuse - configuration and mount options for FUSE file systems

DESCRIPTION         top

       FUSE (Filesystem in Userspace) is a simple interface for userspace
       programs to export a virtual filesystem to the Linux kernel. FUSE
       also aims to provide a secure method for non privileged users to
       create and mount their own filesystem implementations.

DEFINITIONS         top

       FUSE   The in-kernel filesystem that forwards requests to a user-
              space process.

              The user-space process that responds to requests received from
              the kernel.

              The shared library that most (user-space) filesystems use to
              communicate with FUSE (the kernel filesystem). libfuse also
              provides the fusermount3 (or fusermount if you have older
              version of libfuse) helper to allow non-privileged users to
              mount filesystems.

       filesystem owner
              The user that starts the filesystem and instructs the kernel
              to associate it with a particular mountpoint. The latter is
              typically done by the filesystem itself on start-up. When
              using libfuse, this is done by calling the fusermount3

       client Any process that interacts with the mountpoint.


       Some options regarding mount policy can be set in the file
       /etc/fuse.conf. Currently these options are:

       mount_max = NNN
              Set the maximum number of FUSE mounts allowed to non-root
              users. The default is 1000.

              Allow non-root users to specify the allow_other or allow_root
              mount options (see below).

       These limits are enforced by the fusermount3 helper, so they can be
       avoided by filesystems that run as root.

OPTIONS         top

       Most of the generic mount options described in mount are supported
       (ro, rw, suid, nosuid, dev, nodev, exec, noexec, atime, noatime,
       sync, async, dirsync). Filesystems are mounted with nodev,nosuid by
       default, which can only be overridden by a privileged user.

   General mount options:
       These are FUSE specific mount options that can be specified for all

              This option instructs the kernel to perform its own permission
              check instead of deferring all permission checking to the
              filesystem. The check by the kernel is done in addition to any
              permission checks by the filesystem, and both have to succeed
              for an operation to be allowed. The kernel performs a standard
              UNIX permission check (based on mode bits and ownership of the
              directory entry, and uid/gid of the client).

              This mount option is activated implicitly if the filesystem
              enables ACL support during the initial feature negotiation
              when opening the device fd. In this case, the kernel performs
              both ACL and standard unix permission checking.

              Filesystems that do not implement any permission checking
              should generally add this option internally.

              This option overrides the security measure restricting file
              access to the filesystem owner, so that all users (including
              root) can access the files.

              Specifies the the file mode of the filesystem's root (in octal

       blkdev Mount a filesystem backed by a block device.  This is a
              privileged option. The device must be specified with the
              fsname=NAME option.

              Set the block size for the filesystem. This option is only
              valid for 'fuseblk' type mounts. The default is 512.

              In most cases, this option should not be specified by the
              filesystem owner but set internally by the filesystem.

              With this option the maximum size of read operations can be
              set. The default is infinite, but typically the kernel
              enforces its own limit in addition to this one. A value of
              zero corresponds to no limit.

              This option should not be specified by the filesystem owner.
              The correct (or optimum) value depends on the filesystem
              implementation and should thus be set by the filesystem

              This mount option is deprecated in favor of direct negotiation
              over the device fd (as done for e.g. the maximum size of write
              operations). For the time being, libfuse-using filesystems
              that want to limit the read size must therefore use this mount
              option and set the same value again in the init() handler.

       fd=N   The file descriptor to use for communication between the
              userspace filesystem and the kernel.  The file descriptor must
              have been obtained by opening the FUSE device (/dev/fuse).

              This option should not be specified by the filesystem owner.
              It is set by libfuse (or, if libfuse is not used, must be set
              by the filesystem itself).

              group_id=N Specifies the numeric uid/gid of the mount owner.

              This option should not be specified by the filesystem owner.
              It is set by libfuse (or, if libfuse is not used, must be set
              by the filesystem itself).

              Sets the filesystem source (first field in /etc/mtab). The
              default is the name of the filesystem process.

              Sets the filesystem type (third field in /etc/mtab). The
              default is the name of the filesystem process. If the kernel
              suppports it, /etc/mtab and /proc/mounts will show the
              filesystem type as fuse.TYPE

              If the kernel doesn't support subtypes, the source field will
              be TYPE#NAME, or if fsname option is not specified, just TYPE.

   libfuse-specific mount options:
       These following options are not actually passed to the kernel but
       interpreted by libfuse. They can be specified for all filesystems
       that use libfuse:

              This option is similar to allow_other but file access is
              limited to the filesystem owner and root.  This option and
              allow_other are mutually exclusive.

              This option enables automatic release of the mountpoint if
              filesystem terminates for any reason. Normally the filesystem
              is responsible for releasing the mountpoint, which means that
              the mountpoint becomes inaccessible if the filesystem
              terminates without first unmounting.

              At the moment, this option implies that the filesystem will
              also be mounted with nodev and nosuid (even when mounted by
              root). This restriction may be lifted in the future.

   High-level mount options:
       These following options are not actually passed to the kernel but
       interpreted by libfuse. They can only be specified for filesystems
       that use the high-level libfuse API:

              This option disables flushing the cache of the file contents
              on every open(2).  This should only be enabled on filesystems,
              where the file data is never changed externally (not through
              the mounted FUSE filesystem).  Thus it is not suitable for
              network filesystems and other "intermediate" filesystems.

              NOTE: if this option is not specified (and neither direct_io)
              data is still cached after the open(2), so a read(2) system
              call will not always initiate a read operation.

              This option is an alternative to kernel_cache. Instead of
              unconditionally keeping cached data, the cached data is
              invalidated on open(2) if the modification time or the size of
              the file has changed since it was last opened.

              Override the permission bits in st_mode set by the filesystem.
              The resulting permission bits are the ones missing from the
              given umask value.  The value is given in octal

       uid=N  Override the st_uid field set by the filesystem (N is

       gid=N  Override the st_gid field set by the filesystem (N is

              The timeout in seconds for which name lookups will be cached.
              The default is 1.0 second. For all the timeout options, it is
              possible to give fractions of a second as well (e.g.

              The timeout in seconds for which a negative lookup will be
              cached. This means, that if file did not exist (lookup
              returned ENOENT), the lookup will only be redone after the
              timeout, and the file/directory will be assumed to not exist
              until then.  The default is 0.0 second, meaning that caching
              negative lookups are disabled.

              The timeout in seconds for which file/directory attributes are
              cached.  The default is 1.0 second.

              The timeout in seconds for which file attributes are cached
              for the purpose of checking if auto_cache should flush the
              file data on  open. The default is the value of attr_timeout


              Normally, libfuse assigns inodes to paths only for as long as
              the kernel is aware of them. With this option inodes are
              instead assigned for at least T seconds (or, in the case of
              noforget, the life-time of the filesystem). This will require
              more memory, but may be necessary when using applications that
              make use of inode numbers.

              Add modules to the filesystem stack.  Modules are pushed in
              the order they are specified, with the original filesystem
              being on the bottom of the stack.

   mount.fuse3 options:
       These options are interpreted by mount.fuse3 and are thus only
       available when mounting a file system via mount.fuse3 (such as when
       mounting via the generic mount(1) command or /etc/fstab). Supported
       options are:

              Switch to USER and its primary group before launching the FUSE
              file system process. mount.fuse3 must be run as root or with
              CAP_SETUID and CAP_SETGID for this to work.

              Perform setup of the FUSE file descriptor and mounting the
              file system before launching the FUSE file system process.
              mount.fuse3 requires privilege to do so, i.e. must be run as
              root or at least with CAP_SYS_ADMIN and CAP_SETPCAP. It will
              launch the file system process fully unprivileged, i.e.
              without capabilities(7) and prctl(2) flags set up such that
              privileges can't be reacquired (e.g. via setuid or fscaps
              binaries). This reduces risk in the event of the FUSE file
              system process getting compromised by malicious file system


       Modules are filesystem stacking support to high level API. Filesystem
       modules can be built into libfuse or loaded from shared object

       Perform file name character set conversion.  Options are:

              Character set to convert from (see iconv -l for a list of
              possible values). Default is UTF-8.

              Character set to convert to.  Default is determined by the
              current locale.

       Prepend a given directory to each path. Options are:

              Directory to prepend to all paths.  This option is mandatory.

              Transform absolute symlinks into relative

              Do not transform absolute symlinks into relative.  This is the

SECURITY         top

       The fusermount3 program is installed set-user-gid to fuse. This is
       done to allow users from fuse group to mount their own filesystem
       implementations.  There must however be some limitations, in order to
       prevent Bad User from doing nasty things.  Currently those
       limitations are:

       1.     The user can only mount on a mountpoint, for which it has
              write permission

       2.     The mountpoint is not a sticky directory which isn't owned by
              the user (like /tmp usually is)

       3.     No other user (including root) can access the contents of the
              mounted filesystem.

NOTE         top

       FUSE filesystems are unmounted using the fusermount3(1) command
       (fusermount3 -u mountpoint).

AUTHORS         top

       FUSE is currently maintained by Nikolaus Rath <>

       The original author of FUSE is Miklos Szeredi <>.

       This man page was originally written by Bastien Roucaries
       <> for the Debian GNU/Linux

SEE ALSO         top

       fusermount3(1) fusermount(1) mount(8)

COLOPHON         top

       This page is part of the libfuse (Filesystem in Userspace) project.
       Information about the project can be found at 
       ⟨⟩.  If you have a bug report for
       this manual page, see ⟨⟩.
       This page was obtained from the project's upstream Git repository
       ⟨⟩ on 2020-11-01.  (At that
       time, the date of the most recent commit that was found in the repos‐
       itory was 2020-10-29.)  If you discover any rendering problems in
       this HTML version of the page, or you believe there is a better or
       more up-to-date source for the page, or you have corrections or im‐
       provements to the information in this COLOPHON (which is not part of
       the original manual page), send a mail to