pmount - mount arbitrary hotpluggable devices as normal user
] device label
] device pid
] device pid
pmount ("policy mount") is a wrapper around the standard mount program
which permits normal users to mount removable devices without a matching
pmount also supports encrypted devices which use dm-crypt and have LUKS
metadata. If a LUKS-capable cryptsetup is installed, pmount will use it
to decrypt the device first and mount the mapped unencrypted device instead.
pmount is invoked like this:
This will mount device to a directory below /media if policy is met (see
below). If label is given, the mount point will be /media/label,
otherwise it will be /media/device.
The device will be mounted with the following flags:
Some applications like CD burners modify a raw device which must not be mounted
while the burning process is in progress. To prevent automatic mounting,
pmount offers a locking mechanism: pmount --lock device pid prevents the
pmounting of device until it is unlocked again using
pmount --unlock device pid. The process id pid associates the lock with a
particular process; this allows a device to be locked by several
During mount, the list of locks is cleaned, i. e. all locks whose associated
process does not exist any more are removed. This prevents forgotten
indefinite locks from crashed programs.
pmount without arguments prints the list of mounted removable
devices, a bit in the fashion of mount.
Please note that you can use labels and UUIDs as described in fstab
for devices present in /etc/fstab. In this case, the device name needs
to match exactly the corresponding entry in /etc/fstab, including the
Important note for Debian: The permission to execute pmount is restricted
to members of the system group plugdev. Please add all desktop users who
shall be able to use pmount to this group by executing
- adduser user plugdev
The mount will succeed if all of the following conditions are met:
- device is a block device in /dev/
- device is not in /etc/fstab (if it is, pmount executes mount
device as the calling user to handle this
transparently). See below for more details.
- device is not already mounted according to /etc/mtab and
- if the mount point already exists, there is no device already mounted at
it and the directory is empty
- device is removable (USB, FireWire, or MMC device, or
/sys/block/drive/removable is 1) or whitelisted in
- device is not locked
- -r, --read-only
- Force the device to be mounted read only. If neither -r nor -w is
specified, the kernel will choose an appropriate default.
- -w, --read-write
- Force the device to be mounted read/write. If neither -r nor -w is
specified, the kernel will choose an appropriate default.
- -s, --sync
- Mount the device with the sync option, i. e. without write caching.
Default is async (write-back). With this option, write operations
are much slower and due to the massive increase of updates of inode/FAT
structures, flash devices may suffer heavily if you write large files.
This option is intended to make it safe to just rip out USB drives without
- -A, --noatime
- Mount the device with the noatime option. Default is atime.
- -e, --exec
- Mount the device with the exec option. Default is noexec.
- -t filesystem, --type filesystem
- Mount as specified file system type. The file system type is automatically
determined if this option is not given. See at the bottom for a list of
currently supported filesystems.
- -c charset, --charset charset
- Use given I/O character set (default: utf8 if called in a UTF-8
locale, otherwise mount default). This corresponds with the mount option
iocharset (or nls for NTFS). This option is ignored for file
systems that do not support setting the character set (see mount(8)
for details). Important note: pmount will now mount VFAT
filesystems with iocharset=iso8859-1, as iocharset=utf8
currently makes the filesystem case-sensitive (which is pretty bad...).
- -u umask, --umask umask
- Use specified umask instead of the default one. For UDF, the default is
'000', for VFAT and NTFS the default is '077'. This value is ignored for
file systems which do not support setting a umask. Note that you can use
a value of 077 to forbid anyone else to read/write the files, 027 to allow
your group to read the files and 022 to allow anyone to read the files
(but only you can write).
- --dmask dmask
- --fmask fmask
- Some filesystems (essentially VFAT and HFS) support separate
umasks (see the -u option just above) for directories and
files, to avoid the annoying effect of having all files executable. For
these filesystems, you can specify the masks separately using these
options. By default, fmask is umask without all executable
permissions and dmask is umask. Most of the time, these
settings should just do what you want, so there should seldom be any need
to use the --fmask and --dmask options directly.
- -p file, --passphrase file
- If the device is encrypted (dm-crypt with LUKS metadata), read the
passphrase from specified file instead of prompting at the
- -h, --help
- Print a help message and exit successfully.
- -d, --debug
- Enable verbose debug messages.
- -V, --version
- Print the current version number and exit successfully.
- List of devices (one device per line) which are additionally permitted for
pmounting. Globs, such as /dev/sda are permitted. See
glob(7) for a more complete syntax.
For now, pmount
supports the following filesystems: udf
. They are tried sequentially in that
exact order when the filesystem is not specified.
pmount supports the filesystem types ntfs-fuse
to mount NTFS volumes respectively with ntfsmount(1). If the file
/sbin/mount.ntfs-3g is found, then pmount will mount NTFS filesystems
with type ntfs-3g rather than plain ntfs. To disable this behavior, just
specify -t ntfs on the command-line, as this happens only for autodetection.
MORE ABOUT FSTAB
pmount now fully resolves all symlinks both in its input and in the
file, which means that if /dev/cdrom is a symlink to
and you try to mount /dev/hdc, pmount will delegate this to mount(1).
This is a feature, and it contrasts with previous unclear behavior of
pmount about symlinks in
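
The symlink resolution described in this section, together with three of the policy conditions listed earlier (device not in /etc/fstab, drive removable according to sysfs, mount point absent or empty), as an added shell example that is not part of pmount or its documentation. The function names, the constructed fstab line and the temporary directory tree are assumptions made for illustration; every path is passed as an argument so the checks run on constructed files.

```shell
#!/bin/sh
# Added example, not pmount code: three of the policy conditions as
# stand-alone checks. All paths are arguments so constructed files work.

# device_in_table TABLE DEVICE: status 0 if DEVICE is the same file as the
# device field of any TABLE entry (fstab/mtab format), symlinks resolved.
device_in_table() {
    want=$(readlink -f -- "$2") || return 1
    while read -r spec _rest; do
        case $spec in
            '' | '#'* | LABEL=* | UUID=*) continue ;;  # not a device path
        esac
        have=$(readlink -f -- "$spec") || continue
        [ "$have" = "$want" ] && return 0
    done < "$1"
    return 1
}

# removable SYSROOT DRIVE: status 0 if SYSROOT/block/DRIVE/removable is 1.
removable() {
    [ "$(cat "$1/block/$2/removable" 2>/dev/null)" = 1 ]
}

# mount_point_free DIR: status 0 if DIR is absent or an empty directory.
mount_point_free() {
    [ -e "$1" ] || return 0
    [ -d "$1" ] && [ -z "$(ls -A -- "$1")" ]
}

# Constructed sample: "cdrom" is a symlink to "hdc"; fstab lists only the
# symlink, so a plain string comparison against "hdc" would find nothing.
demo_setup() {
    d=$(mktemp -d) || return 1
    : > "$d/hdc"
    ln -s "$d/hdc" "$d/cdrom"
    printf '# constructed fstab\n%s /media/cdrom udf,iso9660 ro,user,noauto 0 0\n' \
        "$d/cdrom" > "$d/fstab"
    mkdir -p "$d/sys/block/sdb" "$d/media/empty" "$d/media/used"
    echo 1 > "$d/sys/block/sdb/removable"
    : > "$d/media/used/file"
    echo "$d"
}

d=$(demo_setup)
device_in_table "$d/fstab" "$d/hdc" && echo "hdc is covered by the fstab entry for cdrom"
rm -rf "$d"
```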
Though we believe pmount is pretty much free from security problems,
there are quite a few glitches that probably will never be fixed.
- pmount needs to attempt the mount several times to get the
filesystem right in the end; it is vital that pmount knows precisely
which filesystem it is mounting, so that it can pass the right options
and not cause security holes. This is rather different from the behaviour
of mount with the -t auto option, which can have a look at
the device it is trying to mount and find out what its filesystem is.
pmount will never try to open a device and look at it to find out
which filesystem it is, as it might open quite a few security holes.
Moreover, the order in which the filesystems are tried is what we could
call the most commonly used filesystems on removable media. This order is
unlikely to change as well. In particular, that means that when you mount
an ext3 filesystem using pmount, you might get a lot of
fs-related kernel error messages. Sorry!
Starting from version 0.9.17, pmount uses the same
mechanism as mount(1) to autodetect the filesystem type, so this kind
of problem should not happen anymore.
pmount was originally developed by Martin Pitt
<firstname.lastname@example.org>. It is now maintained by Vincent Fourmond