Provided by: pmount_0.9.20-2_i386 bug

NAME

       pmount - mount arbitrary hotpluggable devices as normal user

SYNOPSIS

       pmount [ options ] device

       pmount [ options ] device label

       pmount --lock [ options ] device pid

       pmount --unlock [ options ] device pid

       pmount

DESCRIPTION

       pmount  ("policy mount") is a wrapper around the standard mount program
       which permits  normal  users  to  mount  removable  devices  without  a
       matching /etc/fstab entry.

       pmount also supports encrypted devices which use dm-crypt and have LUKS
       metadata. If a LUKS-capable cryptsetup is installed, pmount will use it
       to  decrypt  the  device  first and mount the mapped unencrypted device
       instead.

       pmount is invoked like this:

       pmount device [ label ]

       This will mount device to a directory below /media  if  policy  is  met
       (see  below).  If label is given, the mount point will be /media/label,
       otherwise it will be /media/device.

       The   device   will   be   mounted   with    the    following    flags:
       async,atime,nodev,noexec,noauto,nosuid,user,rw

       Some applications like CD burners modify a raw device which must not be
       mounted while the burning process is in progress. To prevent  automatic
       mounting,  pmount  offers a locking mechanism: pmount --lock device pid
       will prevent the pmounting of device until it is unlocked  again  using
       pmount  --unlock  device  pid. The process id pid assigns the lock to a
       particular process; this allows to lock a device by several  processes.

       During  mount,  the  list  of  locks  is cleaned, i. e. all locks whose
       associated process does not exist any more are removed.  This  prevents
       forgotten indefinite locks from crashed programs.

       Running  pmount  without arguments prints the list of mounted removable
       devices, a bit in the fashion of mount (1).

       Please note that you can use labels and uuids as described in fstab (5)
       for  devices present in /etc/fstab.  In this case, the device name need
       to match exactly the corresponding entry in /etc/fstab,  including  the
       LABEL= or UUID= part.

       Important  note  for  Debian:  The  permission  to  execute  pmount  is
       restricted to members of the  system  group  plugdev.  Please  add  all
       desktop  users  who  shall  be  able  to  use  pmount  to this group by
       executing

              adduser user plugdev

       (as root).

POLICY

       The mount will succeed if all of the following conditions are met:

       · device is a block device in /dev/

       · device is not in /etc/fstab (if it is, pmount executes  mount  device
         as the calling user to handle this transparently). See below for more
         details.

       · device is not already mounted according to /etc/mtab and /proc/mounts

       · if the mount point already exists, there is no device already mounted
         at it and the directory is empty

       · device   is   removable   (USB,   FireWire,   or   MMC   device,   or
         /sys/block/drive/removable is 1) or whitelisted in /etc/pmount.allow.

       · device is not locked

OPTIONS

       -r, --read-only
              Force the device to be mounted read only. If neither -r  nor  -w
              is specified, the kernel will choose an appropriate default.

       -w, --read-write
              Force  the device to be mounted read/write. If neither -r nor -w
              is specified, the kernel will choose an appropriate default.

       -s, --sync
              Mount the device with the  sync  option,  i.  e.  without  write
              caching.  Default is async (write-back). With this option, write
              operations are much slower and due to the  massive  increase  of
              updates  of  inode/FAT  structures,  flash  devices  may  suffer
              heavily if you write large files. This  option  is  intended  to
              make  it  safe  to  just  rip  out  USB  drives  without  proper
              unmounting.

       -A, --noatime
              Mount the device with the noatime option. Default is atime.

       -e, --exec
              Mount the device with the exec option. Default is noexec.

       -t filesystem, --type filesystem
              Mount as specified file system type. The  file  system  type  is
              automatically determined if this option is not given. See at the
              bottom for a list of currently supported filesystems.

       -c charset, --charset charset
              Use given I/O character set (default: utf8 if called in an UTF-8
              locale,  otherwise  mount  default).  This  corresponds with the
              mount option iocharset (or nls for NTFS). This option is ignored
              for  file  systems that do not support setting the character set
              (see mount (8) for details).  Important note:  pmount  will  now
              mount    VFAT    filesystems    with    iocharset=iso8859-1   as
              iocharset=utf8 currently  makes  the  filesystem  case-sensitive
              (which is pretty bad...).

       -u umask, --umask umask
              Use  specified  umask  instead  of the default one. For UDF, the
              default is ’000’, for VFAT and NTFS the default is  ’077’.  This
              value  is  ignored for file systems which do not support setting
              an umask. Note that you can use a value of 077 to forbid  anyone
              else  to  read/write  the files, 027 to allow your group to read
              the files and 022 to allow anyone to read the  files  (but  only
              you can write).

       --dmask dmask

       --fmask fmask
              Some  filesystems  (essentially  VFAT and HFS) supports separate
              umasks (see the -u option just above) for directories and files,
              to avoid the annoying effect of having all files executable. For
              these filesystems, you can specify separately  the  masks  using
              these options. By default, fmask is umask without all executable
              permissions and dmask  is  umask.   Most  of  the  times,  these
              settings should just do what you want, so there should be seldom
              any need for using directly the --fmask and --dmask options.

       -p file --passphrase file
              If the device is encrypted (dm-crypt with LUKS  metadata),  read
              the  passphrase  from specified file instead of prompting at the
              terminal.

       -h, --help
              Print a help message and exit successfully.

       -d, --debug
              Enable verbose debug messages.

       -V, --version
              Print the current version number and exit successfully.

FILES

       /etc/pmount.allow
              List of devices (one device per  line)  which  are  additionally
              permitted  for  pmounting.  Globs,  such  as  /dev/sda[123]  are
              permitted. See see glob (7) for a more complete syntax.

SEE ALSO

       pumount(1), mount(8)

SUPPORTED FILESYSTEMS

       For now, pmount supports the following filesystems: udf, iso9660, vfat,
       ntfs,  hfsplus,  hfs, ext3, ext2, ext4, reiserfs, reiser4, xfs, jfs and
       omfs.  They are  tried  sequentially  in  that  exact  order  when  the
       filesystem is not specified.

       Additionally,  pmount  supports  the  filesystem  types  ntfs-fuse  and
       ntfs-3g to mount  NTFS  volumes  respectively  with  ntfsmount  (1)  or
       ntfs-3g (1). If the file /sbin/mount.ntfs-3g is found, then pmount will
       mount NTFS filestystems with type ntfs-3g rather than plain  ntfs.   To
       disable  this  behavior,  just  specify -t ntfs on the command-line, as
       this happens only for autodetection.

MORE ABOUT FSTAB

       pmount now fully resolve all symlinks both in  its  input  and  in  the
       /etc/fstab  file,  which  means  that  if  /dev/cdrom  is  a symlink to
       /dev/hdc and you try to mount /dev/hdc directly, pmount  will  delegate
       this  to  mount(1).   This is a feature, and it contrasts with previous
       unclear behavior of pmount about symlinks in /etc/fstab.

KNOWN ISSUES

       Though we believe pmount is pretty much free  from  security  problems,
       there are quite a few glitches that probably will never be fixed.

       · pmount  needs  to  try  several  different  times to mount to get the
         filesystem right in the end; it is vital that pmount does know  which
         precise filesystem to mount in order to give it the right options not
         to cause security holes. This is rather different from the  behaviour
         of  mount  with  the  -t  auto  options, which can have a look at the
         device it is trying to mount and find out  what  its  filesystem  is.
         pmount  will  never  try  to open a device and look at it to find out
         which filesystem it is, as it might open quite a few security  holes.
         Moreover,  the  order  in which the filesystems are tried are what we
         could call the most commonly used  filesystems  on  removable  media.
         This  order  is unlikely to change as well. In particular, that means
         that when you mount an ext3 filesystem using pmount, you might get  a
         lot of fs-related kernel error messages. Sorry !

       NOTE:  Starting  from version 0.9.17, pmount uses the same mechanism as
       mount (1) to autodetect the filesystem type, so this kind  of  problems
       should not happen anymore.

AUTHOR

       pmount      was     originally     developed     by     Martin     Pitt
       <martin.pitt@canonical.com>.  It is now maintained by Vincent  Fourmond
       <fourmond@debian.org>.