man pmount (Commandes) - mount arbitrary hotpluggable devices as normal user

NAME

pmount - mount arbitrary hotpluggable devices as normal user

SYNOPSIS

pmount [ options ] device

pmount [ options ] device label

pmount --lock [ options ] device pid

pmount --unlock [ options ] device pid

DESCRIPTION

pmount ("policy mount") is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry.

pmount also supports encrypted devices which use dm-crypt and have LUKS metadata. If a LUKS-capable cryptsetup is installed, pmount will use it to decrypt the device first and mount the mapped unencrypted device instead.

pmount is invoked like this:

pmount device [ label ]

This will mount device to a directory below /media if policy is met (see below). If label is given, the mount point will be /media/label, otherwise it will be /media/device.

The device will be mounted with the following flags: async,atime,nodev,noexec,noauto,nosuid,user,rw

Some applications like CD burners modify a raw device which must not be mounted while the burning process is in progress. To prevent automatic mounting, pmount offers a locking mechanism: pmount --lock device pid will prevent the pmounting of device until it is unlocked again using pmount --unlock device pid. The process id pid assigns the lock to a particular process; this allows to lock a device by several processes.

During mount, the list of locks is cleaned, i. e. all locks whose associated process does not exist any more are removed. This prevents forgotten indefinite locks from crashed programs.

Important note for Debian: The permission to execute pmount is restricted to members of the system group plugdev. Please add all desktop users who shall be able to use pmount to this group by executing

adduser user plugdev

(as root).

POLICY

The mount will succeed if all of the following conditions are met:

•
device is a block device in /dev/
•
device is not in /etc/fstab (if it is, pmount executes mount device as the calling user to handle this transparently)
•
device is not already mounted according to /etc/mtab and /proc/mounts
•
if the mount point already exists, there is no device already mounted at it and the directory is empty
•
device is removable (USB, FireWire, or MMC device, or /sys/block/drive/removable is 1) or whitelisted in /etc/pmount.allow.
•
device is not locked

OPTIONS

-r, --read-only
Force the device to be mounted read only. If neither -r nor -w is specified, the kernel will choose an appropriate default.
-w, --read-write
Force the device to be mounted read/write. If neither -r nor -w is specified, the kernel will choose an appropriate default.
-s, --sync
Mount the device with the sync option, i. e. without write caching. Default is async (write-back). With this option, write operations are much slower and due to the massive increase of updates of inode/FAT structures, flash devices may suffer heavily if you write large files. This option is intended to make it safe to just rip out USB drives without proper unmounting.
-A, --noatime
Mount the device with the noatime option. Default is atime.
-e, --exec
Mount the device with the exec option. Default is noexec.
-t filesystem, --type filesystem Mount as specified file system type. The file system type is automatically determined if this option is not given.
-c charset, --charset charset Use given I/O character set (default: utf8 if called in an UTF-8 locale, otherwise mount default). This corresponds with the mount option iocharset. This option is ignored for file systems that do not support setting the character set (see mount (8) for details).
-u umask, --umask umask
Use specified umask instead of the default one. For UDF, the default is '007', for VFAT and NTFS the default is '077'. This value is ignored for file systems which do not support setting an umask.
--passphrase file If the device is encrypted (dm-crypt with LUKS metadata), read the passphrase from specified file instead of prompting at the terminal.
-h, --help
Print a help message and exit successfully.
-d, --debug
Enable verbose debug messages.
--version
Print the current version number and exit successfully.

FILES

/etc/pmount.allow
List of devices (one device per line) which are additionally permitted for pmounting.

SEE ALSO

AUTHOR

pmount is developed by Martin Pitt <martin.pitt@canonical.com>.