BINDFS(1) | General Commands Manual | BINDFS(1) |
NAME
bindfs - mount --bind in user-space
SYNOPSIS
bindfs [options] dir mountpoint
DESCRIPTION
A FUSE filesystem for mirroring the contents of a directory to another directory. Additionally, one can change the permissions of files in the mirrored directory.
FILE OWNERSHIP
- -u, --user, --owner=user, -o owner=...
- Makes all files owned by the specified user. Also causes
chown on the mounted filesystem to always fail.
- -g, --group=group, -o group=...
- Makes all files owned by the specified group. Also causes
chgrp on the mounted filesystem to always fail.
- -p, --perms=permissions, -o perms=...
- Takes a comma- or colon-separated list of chmod-like
permission specifications to be applied to the permission bits in order.
See PERMISSION SPECIFICATION below for details.
- -m, --mirror=user1:user2:..., -o mirror=...
- Takes a comma- or colon-separated list of users who will
see themselves as the owners of all files. Users who are not listed here
will still be able to access the mount if the permissions otherwise allow
them to.
- -M, --mirror-only=user1:user2:..., -o mirror-only=...
- Like --mirror but disallows access for all other
users (except root).
- --map=user1/user2:@group1/@group2:..., -o map=...
- Given a mapping user1/user2, all files owned by
user1 are shown as owned by user2. When user2 creates files, they are
chowned to user1 in the underlying directory. When files are chowned to
user2, they are chowned to user1 in the underlying directory. Works
similarly for groups.
FILE CREATION POLICY
New files and directories are created so they are owned by the mounter. bindfs can let this happen (the default for normal users), or it can try to change the owner to the uid/gid of the process that wants to create the file (the default for root). It is also possible to have bindfs try to change the owner to a particular user or group.
- --create-as-user, -o create-as-user
- Tries to change the owner and group of new files and
directories to the uid and gid of the caller. This can work only if the
mounter is root. It is also the default behavior (mimicking mount --bind)
if the mounter is root.
- --create-as-mounter, -o create-as-mounter
- All new files and directories will be owned by the mounter.
This is the default behavior for non-root mounters.
- --create-for-user=user, -o create-for-user=...
- Tries to change the owner of new files and directories to
the user specified here. This can work only if the mounter is root. This
option overrides the --create-as-user and --create-as-mounter options.
- --create-for-group=group, -o create-for-group=...
- Tries to change the owning group of new files and
directories to the group specified here. This can work only if the mounter
is root. This option overrides the --create-as-user and
--create-as-mounter options.
- --create-with-perms=permissions, -o create-with-perms=...
- Works like --perms but is applied to the permission bits that
new files get in the source directory. Normally the permissions of new
files depend on the creating process's preferences and umask. This option
can be used to modify those permissions or override them completely. See
PERMISSION SPECIFICATION below for details.
CHOWN/CHGRP POLICY
The behaviour on chown/chgrp calls can be changed. By default they are passed through to the source directory even if bindfs is set to show a fake owner/group. A chown/chgrp call will only succeed if the user has enough mirrored permissions to chmod the mirrored file AND the mounter has enough permissions to chmod the real file.
- --chown-normal, -o chown-normal
- Tries to chown the underlying file. This is the default.
- --chown-ignore, -o chown-ignore
- Lets chown succeed (if the user has enough mirrored
permissions) but actually does nothing. A combined chown/chgrp is
effectively turned into a chgrp-only request.
- --chown-deny, -o chown-deny
- Makes chown always fail with a 'permission denied' error. A
combined chown/chgrp request will fail as well.
- --chgrp-normal, -o chgrp-normal
- Tries to chgrp the underlying file. This is the default.
- --chgrp-ignore, -o chgrp-ignore
- Lets chgrp succeed (if the user has enough mirrored
permissions) but actually does nothing. A combined chown/chgrp is
effectively turned into a chown-only request.
- --chgrp-deny, -o chgrp-deny
- Makes chgrp always fail with a 'permission denied' error. A
combined chown/chgrp request will fail as well.
CHMOD POLICY
Chmod calls are forwarded to the source directory by default. This may cause unexpected behaviour if bindfs is altering permission bits.
- --chmod-normal, -o chmod-normal
- Tries to chmod the underlying file. This will succeed if
the user has the appropriate mirrored permissions to chmod the mirrored
file AND the mounter has enough permissions to chmod the real file. This
is the default (in order to behave like mount --bind by default).
- --chmod-ignore, -o chmod-ignore
- Lets chmod succeed (if the user has enough mirrored
permissions) but actually does nothing.
- --chmod-deny, -o chmod-deny
- Makes chmod always fail with a 'permission denied' error.
- --chmod-allow-x, -o chmod-allow-x
- Allows setting and clearing the executable attribute on
files (but not directories). When used with --chmod-ignore, chmods will
only affect execute bits on files and changes to other bits are discarded.
With --chmod-deny, all chmods that would change any bits except execute
bits on files will still fail with a 'permission denied'. This option does
nothing with --chmod-normal.
XATTR POLICY
Extended attributes are mirrored by default, though not all underlying file systems support xattrs.
- --xattr-none, -o xattr-none
- Disable extended attributes altogether. All operations will
return 'Operation not supported'.
- --xattr-ro, -o xattr-ro
- Let extended attributes be read-only.
- --xattr-rw, -o xattr-rw
- Let extended attributes be read-write (the default). The
read/write permissions are checked against the (possibly modified) file
permissions inside the mount.
MISCELLANEOUS OPTIONS
- -h, --help
- Displays a help message and exits.
- -V, --version
- Displays version information and exits.
- -n, --no-allow-other, -o no-allow-other
- Does not add -o allow_other to FUSE options. This
causes the mount to be accessible only by the current user.
- --realistic-permissions, -o realistic-permissions
- Hides read/write/execute permissions for a mirrored file
when the mounter doesn't have read/write/execute access to the underlying
file. Useless when mounting as root, since root will always have full
access.
- --ctime-from-mtime, -o ctime-from-mtime
- Recall that a unix file has three standard timestamps:
atime (last access, i.e. read time), mtime (last content
modification time) and ctime (last content or metadata (inode) change
time).
- --hide-hard-links, -o hide-hard-links
- Shows the hard link count of all files as 1.
FUSE OPTIONS
- -o options
- Fuse options.
- -r, -o ro
- Make the mount strictly read-only. This even prevents root
from writing to it. If this is all you need, then (since Linux 2.6.26) you
can get a more efficient mount with mount --bind and then mount
-o remount,ro.
- -d, -o debug
- Enable debug output (implies -f).
- -f
- Foreground operation.
- -s
- Disable multithreaded operation. bindfs should be
thread-safe.
PERMISSION SPECIFICATION
The -p option takes a comma- or colon-separated list of either octal numeric permission bits or symbolic representations of permission bit operations. The symbolic representation is based on that of the chmod(1) command. setuid, setgid and sticky bits are ignored.
bindfs extends the chmod symbolic representation with the following operands:
- D (right-hand side)
- Works like X but applies only to directories (not to executables).
- d and f (left-hand side)
- Makes this directive only apply to directories (d) or files (f).
e.g. gd-w would remove the group write bit from all directories.
- u, g, o (right-hand side)
- Uses the user (u), group (g) or others (o) permission bits of
the original file.
e.g. g=u would copy the user's permission bits to the group.
ug+o would add the others' permissions to the owner and group.
Examples:
- o-rwx
- Removes all permission bits from others.
- g=rD
- Allows group to read all files and enter all directories,
but nothing else.
- 0644,a+X
- Sets permission bits to 0644 and adds the execute bit for
everyone to all directories and executables.
- og-x:og+rD:u=rwX:g+rw
- Removes execute bit for others and group, adds read and
directory execute for others and group, sets user permissions to read,
write and execute directory/executable, adds read and write for group.
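A small Python model of the permission chain described above, added here as an example (it is not bindfs's own code), for previewing which mode bits a -p or --create-with-perms specification yields before a directory is exposed through a mount. It assumes one operator per directive, that an empty who-list means everyone, and, following the 0644,a+X example, that X tests the execute bits of the original file; apply_perms is a hypothetical name.

```python
import re
import stat

# Constructed model of the -p chain, not bindfs source code.
# One symbolic directive: who (ugoa), optional d/f filter, operator, operands.
_SYMBOLIC = re.compile(r"^([ugoa]*)([df]*)([+=-])([rwxXDugo]*)$")
_WHO_MASK = {"u": 0o700, "g": 0o070, "o": 0o007, "a": 0o777}
_RWX = {"r": 0o444, "w": 0o222, "x": 0o111}
_SHIFT = {"u": 6, "g": 3, "o": 0}


def apply_perms(spec, original_mode):
    """Return the permission bits shown for a file with st_mode original_mode."""
    is_dir = stat.S_ISDIR(original_mode)
    orig = original_mode & 0o777      # setuid, setgid and sticky are ignored
    mode = orig
    for directive in re.split(r"[,:]", spec):
        if re.fullmatch(r"[0-7]{1,4}", directive):
            mode = int(directive, 8) & 0o777   # octal replaces every bit
            continue
        m = _SYMBOLIC.match(directive)
        if m is None:
            raise ValueError("bad permission directive: %r" % directive)
        who, kinds, op, operands = m.groups()
        # d / f on the left-hand side limit the directive to dirs or files.
        if kinds and ("d" if is_dir else "f") not in kinds:
            continue
        mask = 0
        for w in who or "a":          # assumption: no 'who' means everyone
            mask |= _WHO_MASK[w]
        bits = 0
        for c in operands:
            if c in _RWX:
                bits |= _RWX[c]
            elif c == "X":            # directories and original executables
                bits |= 0o111 if is_dir or orig & 0o111 else 0
            elif c == "D":            # like X, but directories only
                bits |= 0o111 if is_dir else 0
            else:                     # u/g/o: copy bits of the original file
                bits |= ((orig >> _SHIFT[c]) & 7) * 0o111
        bits &= mask
        if op == "=":
            mode = (mode & ~mask) | bits
        elif op == "+":
            mode |= bits
        else:
            mode &= ~bits
    return mode
```

Running the page's own specifications through it, for both a regular file and a directory, shows where a spec leaves more access than intended, for example group write surviving og-x:og+rD:u=rwX:g+rw.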
EXAMPLES
- bindfs -u www -g nogroup -p 0000,u=rD ~/mywebsite ~/public_html/mysite
- bindfs -M foo,bar,1007,@mygroup -p 0600,u+X dir mnt
- bindfs -ono-allow-other,perms=a-w somedir somedir
- bindfs#/home/bob/shared /var/www/shared/bob fuse perms=0000:u+rD 0 0