Provided by: pmount_0.9.17-2_i386

NAME

       pmount - mount arbitrary hotpluggable devices as normal user

SYNOPSIS

       pmount [ options ] device

       pmount [ options ] device label

       pmount --lock [ options ] device pid

       pmount --unlock [ options ] device pid

       pmount

DESCRIPTION

       pmount  ("policy mount") is a wrapper around the standard mount program
       which permits  normal  users  to  mount  removable  devices  without  a
       matching /etc/fstab entry.

       pmount also supports encrypted devices which use dm-crypt and have LUKS
       metadata. If a LUKS-capable cryptsetup is installed, pmount will use it
       to  decrypt  the  device  first and mount the mapped unencrypted device
       instead.

       pmount is invoked like this:

       pmount device [ label ]

       This will mount device to a directory below /media  if  policy  is  met
       (see  below).  If label is given, the mount point will be /media/label,
       otherwise it will be /media/device.

       The   device   will   be   mounted   with    the    following    flags:
       async,atime,nodev,noexec,noauto,nosuid,user,rw

       Some applications like CD burners modify a raw device which must not be
       mounted while the burning process is in progress. To prevent  automatic
       mounting,  pmount  offers a locking mechanism: pmount --lock device pid
       will prevent the pmounting of device until it is unlocked  again  using
       pmount --unlock device pid. The process id pid assigns the lock to a
       particular process; this allows several processes to lock a device.

       During mount, the list of locks is cleaned, i.e. all locks whose
       associated process does not exist any more are removed.  This  prevents
       forgotten indefinite locks from crashed programs.

       Running  pmount  without arguments prints the list of mounted removable
       devices, a bit in the fashion of mount (1).

       Please note that you can use labels and uuids as described in fstab (5)
       for devices present in /etc/fstab. In this case, the device name needs
       to match exactly the corresponding entry in /etc/fstab, including the
       LABEL= or UUID= part.

       Important  note  for  Debian:  The  permission  to  execute  pmount  is
       restricted to members of the  system  group  plugdev.  Please  add  all
       desktop  users  who  shall  be  able  to  use  pmount  to this group by
       executing

              adduser user plugdev

       (as root).

POLICY

       The mount will succeed if all of the following conditions are met:

       · device is a block device in /dev/

       · device is not in /etc/fstab (if it is, pmount executes  mount  device
         as the calling user to handle this transparently). See below for more
         details.

       · device is not already mounted according to /etc/mtab and /proc/mounts

       · if the mount point already exists, there is no device already mounted
         at it and the directory is empty

       · device   is   removable   (USB,   FireWire,   or   MMC   device,   or
         /sys/block/drive/removable is 1) or whitelisted in /etc/pmount.allow.

       · device is not locked
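
       The conditions above can be approximated from userland to see why a
       device would be refused. This is an added example, not pmount's own
       code: the function names are hypothetical, only the sysfs removable
       flag is checked (not the USB/FireWire/MMC bus test), and the lock
       condition is left out.

```python
# Added illustration of the POLICY list; not pmount's own code.
import fnmatch
import os
import stat


def first_fields(path):
    """First column of an fstab-style file; [] if the file is missing."""
    try:
        with open(path) as fh:
            rows = [line.split() for line in fh]
    except OSError:
        return []
    return [r[0] for r in rows if r and not r[0].startswith("#")]


def drive_removable(device, sysfs="/sys/class/block"):
    """True if the drive behind `device` reports removable == 1 in sysfs."""
    node = os.path.realpath(os.path.join(sysfs, os.path.basename(device)))
    for d in (node, os.path.dirname(node)):  # a partition sits under its drive
        try:
            with open(os.path.join(d, "removable")) as fh:
                return fh.read().strip() == "1"
        except OSError:
            continue
    return False


def policy_failures(device, mountpoint, fstab="/etc/fstab",
                    mounts=("/etc/mtab", "/proc/mounts"), stat_fn=os.stat,
                    allow="/etc/pmount.allow", sysfs="/sys/class/block"):
    """List the POLICY conditions `device` fails; an empty list means pass."""
    failed = []
    try:
        is_block = stat.S_ISBLK(stat_fn(device).st_mode)
    except OSError:
        is_block = False
    if not (is_block and device.startswith("/dev/")):
        failed.append("not a block device in /dev/")
    if device in first_fields(fstab):
        failed.append("in /etc/fstab (pmount hands over to mount)")
    if any(device in first_fields(m) for m in mounts):
        failed.append("already mounted")
    if os.path.isdir(mountpoint) and os.listdir(mountpoint):
        failed.append("mount point exists and is not empty")
    # fnmatch approximates the glob(7) patterns allowed in pmount.allow
    listed = any(fnmatch.fnmatchcase(device, p) for p in first_fields(allow))
    if not (listed or drive_removable(device, sysfs)):
        failed.append("neither removable nor in pmount.allow")
    return failed
```

       An empty result only means these file-based conditions hold; pmount
       itself remains the authority on whether the mount is permitted.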

OPTIONS

       -r, --read-only
              Force the device to be mounted read only. If neither -r  nor  -w
              is specified, the kernel will choose an appropriate default.

       -w, --read-write
              Force  the device to be mounted read/write. If neither -r nor -w
              is specified, the kernel will choose an appropriate default.

       -s, --sync
              Mount the device with the sync option, i.e. without write
              caching.  Default is async (write-back). With this option, write
              operations are much slower and due to the  massive  increase  of
              updates  of  inode/FAT  structures,  flash  devices  may  suffer
              heavily if you write large files. This  option  is  intended  to
              make  it  safe  to  just  rip  out  USB  drives  without  proper
              unmounting.

       -A, --noatime
              Mount the device with the noatime option. Default is atime.

       -e, --exec
              Mount the device with the exec option. Default is noexec.

       -t filesystem, --type filesystem
              Mount as specified file system type. The  file  system  type  is
              automatically determined if this option is not given. See the
              bottom of this page for a list of currently supported
              filesystems.

       -c charset, --charset charset
              Use given I/O character set (default: utf8 if called in a UTF-8
              locale,  otherwise  mount  default).  This  corresponds with the
              mount option iocharset (or nls for NTFS). This option is ignored
              for  file  systems that do not support setting the character set
              (see mount (8) for details).

       -u umask, --umask umask
              Use specified umask instead of the default  one.  For  UDF,  the
              default  is  ’000’, for VFAT and NTFS the default is ’077’. This
              value is ignored for file systems which do not support setting
              a umask. Note that you can use a value of 077 to forbid anyone
              else to read/write the files, 027 to allow your  group  to  read
              the  files  and  022 to allow anyone to read the files (but only
              you can write).

       --dmask dmask

       --fmask fmask
              Some filesystems (essentially VFAT and HFS) support separate
              umasks (see the -u option just above) for directories and files,
              to avoid the annoying effect of having all files executable. For
              these filesystems, you can specify the masks separately using
              these options. By default, fmask is umask without all executable
              permissions and dmask is umask. Most of the time, these
              settings should just do what you want, so there should seldom
              be any need to use the --fmask and --dmask options directly.

       -p file, --passphrase file
              If  the  device is encrypted (dm-crypt with LUKS metadata), read
              the passphrase from specified file instead of prompting  at  the
              terminal.

       -h, --help
              Print a help message and exit successfully.

       -d, --debug
              Enable verbose debug messages.

       --version
              Print the current version number and exit successfully.

FILES

       /etc/pmount.allow
              List  of  devices  (one  device per line) which are additionally
              permitted  for  pmounting.  Globs,  such  as  /dev/sda[123]  are
              permitted. See glob (7) for a more complete syntax.

SEE ALSO

       pumount(1), mount(8)

SUPPORTED FILESYSTEMS

       For now, pmount supports the following filesystems: udf, iso9660, vfat,
       ntfs, hfsplus, hfs, ext3, ext2, reiserfs, reiser4, xfs, jfs and omfs.
       They are tried sequentially in that exact order when the filesystem is
       not specified.

       Additionally, pmount supports the filesystem types ntfs-fuse and
       ntfs-3g to mount NTFS volumes with ntfsmount (1) or ntfs-3g (1)
       respectively. If the file /sbin/mount.ntfs-3g is found, then pmount
       will mount NTFS filesystems with type ntfs-3g rather than plain ntfs.
       To disable this behavior, just specify -t ntfs on the command line, as
       this happens only for autodetection.

MORE ABOUT FSTAB

       Until pmount version 0.9.16-1, a device was deemed  to  be  handled  by
       /etc/fstab  if  the  real path (after symlink resolution) of the device
       given on the command-line was matching the real path of  one  entry  in
       /etc/fstab.   This  meant  that,  if  /dev/cdrom  was a symlink to say,
       /dev/hda and that only /dev/cdrom was referenced in /etc/fstab,

       pmount /dev/hda

       would necessarily fail, as pmount would delegate to mount, which would
       not find /dev/hda in /etc/fstab.

       Starting from version 0.9.16-2, this behavior has been fixed. This
       means that if you really want pmount not to mount devices that are in
       /etc/fstab, you need to make sure that /etc/fstab refers only to real
       device nodes and not symlinks. See http://bugs.debian.org/418888 for a
       real-life example.
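
       The check this section asks of the administrator can be scripted. The
       following is an added example, not part of pmount, and its function
       names are hypothetical: it lists the /etc/fstab device fields that are
       symlinks and the real nodes that fstab names only through such a
       symlink.

```python
# Added illustration for the fstab symlink advice; not pmount's own code.
import os


def fstab_specs(fstab="/etc/fstab"):
    """Device field of every non-comment fstab line."""
    with open(fstab) as fh:
        rows = [line.split() for line in fh]
    return [r[0] for r in rows if r and not r[0].startswith("#")]


def symlinked_entries(fstab="/etc/fstab"):
    """Map each fstab spec that is a symlink to the node it resolves to."""
    # LABEL=/UUID= specs and pseudo filesystems (proc, tmpfs) are not paths.
    return {s: os.path.realpath(s) for s in fstab_specs(fstab)
            if s.startswith("/") and os.path.islink(s)}


def uncovered_nodes(fstab="/etc/fstab"):
    """Real device nodes that fstab names only via a symlink.

    The real path of such a node matches no fstab line literally, which
    is the situation the section above warns about.
    """
    literal = set(fstab_specs(fstab))
    return sorted({real for real in symlinked_entries(fstab).values()
                   if real not in literal})


if __name__ == "__main__":
    for spec, real in symlinked_entries().items():
        print(f"{spec} is a symlink to {real}")
    for node in uncovered_nodes():
        print(f"{node} is only referenced through a symlink")
```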

KNOWN ISSUES

       Though  we  believe  pmount is pretty much free from security problems,
       there are quite a few glitches that probably will never be fixed.

       · pmount needs to try several different  times  to  mount  to  get  the
         filesystem  right in the end; it is vital that pmount does know which
         precise filesystem to mount in order to give it the right options not
         to  cause security holes. This is rather different from the behaviour
         of mount with the -t auto option, which can have a look at the
         device it is trying to mount and find out what its filesystem is.
         pmount will never try to open a device and look at it to find out
         which filesystem it is, as it might open quite a few security holes.
         Moreover, the order in which the filesystems are tried is what we
         could call the most commonly used filesystems on removable media.
         This order is unlikely to change as well. In particular, that means
         that when you mount an ext3 filesystem using pmount, you might get a
         lot of fs-related kernel error messages. Sorry!

       NOTE: Starting from version 0.9.17, pmount uses the same mechanism as
       mount (1) to autodetect the filesystem type, so this kind of problem
       should not happen anymore.

AUTHOR

       pmount     was     originally     developed     by     Martin      Pitt
       <martin.pitt@canonical.com>.   It is now maintained by Vincent Fourmond
       <fourmond@debian.org>.