Provided by: s3fs_1.82-1_amd64 bug


       S3FS - FUSE-based file system backed by Amazon S3


       s3fs bucket[:/path] mountpoint  [options]

       s3fs mountpoint  [options(must specify bucket= option)]

       umount mountpoint
              For root.

       fusermount -u mountpoint
              For unprivileged user.

   utility mode ( remove interrupted multipart uploading objects )
       s3fs -u bucket


       s3fs  is  a  FUSE  filesystem  that  allows  you  to  mount an Amazon S3 bucket as a local
       filesystem. It stores files natively and transparently in S3  (i.e.,  you  can  use  other
       programs to access the same files).


       The  s3fs  password  file  has  this  format  (use this format if you have only one set of

       If you have more than one set of credentials, this syntax is also recognized:

       Password files can be stored in two locations:
            /etc/passwd-s3fs     [0640]
            $HOME/.passwd-s3fs   [0600]


   general options
       -h   --help
              print help

              print version

       -f     FUSE foreground option - do not run as daemon.

       -s     FUSE singlethreaded option (disables multi-threaded operation)

   mount options
       All s3fs options must given in the form where "opt" is:

       -o bucket
              if it is not specified bucket name(and path) in command  line,  must  specify  this
              option after -o option for bucket name.

       -o default_acl (default="private")
              the  default  canned  acl  to  apply  to  all  written s3 objects, e.g., "private",
              "public-read".     empty    string    means    do    not    send    header.     see
     for the full list of canned acls.

       -o retries (default="2")
              number of times to retry a failed S3 transaction.

       -o use_cache (default="" which means disabled)
              local folder to use for local file cache.

       -o check_cache_dir_exist (default is disable)
              If  use_cache  is  set, check if the cache directory exists.  If this option is not
              specified, it will be created at runtime when the cache directory does not exist.

       -o del_cache - delete local file cache
              delete local file cache when s3fs starts and exits.

       -o storage_class (default is standard)
              store object with specified storage class.  this option  replaces  the  old  option
              use_rrs.  Possible values: standard, standard_ia, and reduced_redundancy.

       -o use_rrs (default is disable)
              use  Amazon's  Reduced  Redundancy  Storage.  this option can not be specified with
              use_sse.  (can specify use_rrs=1 for old version) this option has been replaced  by
              new storage_class option.

       -o use_sse (default is disable)
              Specify  three type Amazon's Server-Site Encryption: SSE-S3, SSE-C or SSE-KMS. SSE-
              S3 uses Amazon S3-managed encryption keys, SSE-C uses customer-provided  encryption
              keys, and SSE-KMS uses the master key which you manage in AWS KMS.  You can specify
              "use_sse" or "use_sse=1" enables SSE-S3 type (use_sse=1  is  old  type  parameter).
              Case  of  setting  SSE-C, you can specify "use_sse=custom", "use_sse=custom:<custom
              key file path>" or "use_sse=<custom key file path>"(only  <custom  key  file  path>
              specified  is old type parameter).  You can use "c" for short "custom".  The custom
              key file must be 600 permission. The file can have some lines,  each  line  is  one
              SSE-C key.  The first line in file is used as Customer-Provided Encryption Keys for
              uploading and changing headers etc.  If there are some keys after first line, those
              are used downloading object which are encrypted by not first key.  So that, you can
              keep all  SSE-C  keys  in  file,  that  is  SSE-C  key  history.   If  you  specify
              "custom"("c") without file path, you need to set custom key by load_sse_c option or
              AWSSSECKEYS environment.(AWSSSECKEYS environment  has  some  SSE-C  keys  with  ":"
              separator.)   This  option  is  used to decide the SSE type.  So that if you do not
              want to encrypt a object at uploading, but you need to decrypt encrypted object  at
              downloading,  you  can  use  load_sse_c option instead of this option.  For setting
              SSE-KMS, specify "use_sse=kmsid" or "use_sse=kmsid:<kms id>".  You can use "k"  for
              short  "kmsid".  If you san specify SSE-KMS type with your <kms id> in AWS KMS, you
              can set it after "kmsid:"(or "k:").  If you specify only "kmsid"("k"), you need  to
              set  AWSSSEKMSID  environment  which  value is <kms id>.  You must be careful about
              that you can not use the KMS id which is not same EC2 region.

       -o load_sse_c - specify SSE-C keys
              Specify  the  custom-provided  encryption  keys  file  path   for   decrypting   at
              downloading.   If  you  use  the  custom-provided  encryption key at uploading, you
              specify with "use_sse=custom".  The file has many lines, one line means one  custom
              key.   So  that  you  can  keep  all SSE-C keys in file, that is SSE-C key history.
              AWSSSECKEYS environment is as same as this file contents.

       -o passwd_file (default="")
              specify the path to the password  file,  which  which  takes  precedence  over  the
              password in $HOME/.passwd-s3fs and /etc/passwd-s3fs

       -o ahbe_conf (default="" which means disabled)
              This option specifies the configuration file path which file is the additional HTTP
              header by file(object) extension.
               The configuration file format is below:
               line         = [file suffix or regex] HTTP-header [HTTP-values]
               file  suffix   =  file(object)  suffix,  if  this  field  is   empty,   it   means
              "reg:(.*)".(=all object).
               regex        = regular expression to match the file(object) path. this type starts
              with "reg:" prefix.
               HTTP-header  = additional HTTP header name
               HTTP-values  = additional HTTP header value
               .gz                    Content-Encoding  gzip
               .Z                     Content-Encoding  compress
               reg:^/MYDIR/(.*)[.]t2$ Content-Encoding  text2
               A sample configuration file is uploaded in "test" directory.  If you specify  this
              option for set "Content-Encoding" HTTP header, please take care for RFC 2616.

       -o public_bucket (default="" which means disabled)
              anonymously mount a public bucket when set to 1, ignores the $HOME/.passwd-s3fs and
              /etc/passwd-s3fs files.  S3 does not allow copy object  api  for  anonymous  users,
              then  s3fs  sets  nocopyapi  option  automatically  when  public_bucket=1 option is

       -o connect_timeout (default="300" seconds)
              time to wait for connection before giving up.

       -o readwrite_timeout (default="60" seconds)
              time to wait between read/write activity before giving up.

       -o max_stat_cache_size (default="1000" entries (about 4MB))
              maximum number of entries in the stat cache

       -o stat_cache_expire (default is no expire)
              specify expire time(seconds) for entries  in  the  stat  cache.  This  expire  time
              indicates the time since stat cached.

       -o stat_cache_interval_expire (default is no expire)
              specify  expire  time(seconds)  for  entries in the stat cache. This expire time is
              based on the time from the last access time of the  stat  cache.   This  option  is
              exclusive  with  stat_cache_expire,  and  is  left  for  compatibility  with  older

       -o enable_noobj_cache (default is disable)
              enable cache entries for the object which does not exist.  s3fs always has to check
              whether  file(or  sub  directory)  exists  under  object(path)  when s3fs does some
              command, since s3fs has recognized a directory which does not exist and  has  files
              or  sub  directories  under  itself.   It  increases  ListBucket  request and makes
              performance bad.  You can specify this option for performance,  s3fs  memorizes  in
              stat cache that the object(file or directory) does not exist.

       -o no_check_certificate (by default this option is disabled)
              do  not  check  ssl  certificate.   server certificate won't be checked against the
              available certificate authorities.

       -o nodnscache - disable dns cache.
              s3fs is always using dns cache, this option make dns cache disable.

       -o nosscache - disable ssl session cache.
              s3fs is always using ssl session cache, this option make ssl session cache disable.

       -o multireq_max (default="20")
              maximum number of parallel request for listing objects.

       -o parallel_count (default="5")
              number  of  parallel  request  for  uploading  big  objects.   s3fs  uploads  large
              object(default:over  20MB)  by multipart post request, and sends parallel requests.
              This option limits parallel request count which  s3fs  requests  at  once.   It  is
              necessary to set this value depending on a CPU and a network band.

       -o multipart_size(default="10"(10MB))
              number  of  one  part  size  in  multipart  uploading request.  The default size is
              10MB(10485760byte), minimum value is 5MB(5242880byte).  Specify number  of  MB  and
              over 5(MB).

       -o ensure_diskfree(default the same as multipart_size value)
              sets  MB  to  ensure disk free space. This option means the threshold of free space
              size on disk which is used for the  cache  file  by  s3fs.   s3fs  makes  file  for
              downloading,  and  uploading  and caching files.  If the disk free space is smaller
              than this value, s3fs do  not  use  diskspace  as  possible  in  exchange  for  the

       -o url (default="")
              sets  the url to use to access Amazon S3. If you want to use HTTP, then you can set
              "url=".  If you do not use https,  please  specify  the  URL
              with the url option.

       -o endpoint (default="us-east-1")
              sets  the  endpoint to use.  If this option is not specified, s3fs uses "us-east-1"
              region as the default.  If the s3fs could not connect to the  region  specified  by
              this option, s3fs could not run.  But if you do not specify this option, and if you
              can not connect with the default region, s3fs will retry to  automatically  connect
              to  the  other  region.  So s3fs can know the correct region name, because s3fs can
              find it in an error from the S3 server.

       -o sigv2 (default is signature version 4)
              sets signing AWS requests by sing Signature Version 2.

       -o mp_umask (default is "0000")
              sets umask for the mount point directory.  If allow_other option is not  set,  s3fs
              allows  access  to  the  mount  point only to the owner.  In the opposite case s3fs
              allows access to all users as the default.  But if you  set  the  allow_other  with
              this  option,  you  can  control permissions of the mount point by this option like

       -o nomultipart - disable multipart uploads

       -o enable_content_md5 ( default is disable )
              verifying uploaded data without multipart by content-md5 header.   Enable  to  send
              "Content-MD5"  header  when  uploading a object without multipart posting.  If this
              option is enabled, it has some influences on a performance of s3fs  when  uploading
              small  object.   Because  s3fs  always checks MD5 when uploading large object, this
              option does not affect on large object.

       -o iam_role ( default is no IAM role )
              This option requires the IAM role name or "auto". If you specify "auto", s3fs  will
              automatically  use  the  IAM role names that are set to an instance. If you specify
              this option without any argument, it is the same as that  you  have  specified  the

       -o use_xattr ( default is not handling the extended attribute )
              Enable  to  handle the extended attribute(xattrs).  If you set this option, you can
              use the extended attribute.  For example, encfs and ecryptfs need  to  support  the
              extended  attribute.   Notice: if s3fs handles the extended attribute, s3fs can not
              work to copy command with preserve=mode.

       -o noxmlns - disable registering xml name space.
              disable  registering  xml  name  space  for  response   of   ListBucketResult   and
              ListVersionsResult    etc.    Default    name    space    is    looked    up   from
              "".  This option should not be specified now,
              because s3fs looks up xmlns automatically after v1.66.

       -o nocopyapi - for other incomplete compatibility object storage.
              For  a  distributed  object  storage which is compatibility S3 API without PUT(copy
              api).  If you set this option, s3fs do not use  PUT  with  "x-amz-copy-source"(copy
              api).  Because  traffic  is increased 2-3 times by this option, we do not recommend

       -o norenameapi - for other incomplete compatibility object storage.
              For a distributed object storage which is compatibility  S3  API  without  PUT(copy
              api).   This  option is a subset of nocopyapi option. The nocopyapi option does not
              use copy-api for all command(ex. chmod, chown, touch, mv,  etc),  but  this  option
              does not use copy-api for only rename command(ex. mv).  If this option is specified
              with nocopyapi, then s3fs ignores it.

       -o use_path_request_style (use legacy API calling style)
              Enable compatibility with S3-like  APIs  which  do  not  support  the  virtual-host
              request style, by using the older path request style.

       -o noua (suppress User-Agent header)
              Usually  s3fs  outputs  of  the  User-Agent in "s3fs/<version> (commit hash <hash>;
              <using ssl library name>)" format.  If this option is  specified,  s3fs  suppresses
              the output of the User-Agent.

       -o cipher_suites
              Customize  TLS  cipher  suite  list. Expects a colon separated list of cipher suite
              names.  A list of available cipher suites, depending on your  TLS  engine,  can  be
              found on the CURL library documentation:

       -o complement_stat (complement lack of file/directory mode)
              s3fs  complements  lack  of  information  about  file/directory mode if a file or a
              directory object does not have x-amz-meta-mode header.  As default, s3fs  does  not
              complements  stat  information for a object, then the object will not be able to be
              allowed to list/modify.

       -o notsup_compat_dir (not support compatibility directory types)
              As a default, s3fs supports objects of the directory type as much as  possible  and
              recognizes  them  as  directories.   Objects  that  can  be recognized as directory
              objects are "dir/", "dir", "dir_$folder$", and there is a file object that does not
              have  a  directory  object  but contains that directory path.  s3fs needs redundant
              communication to support all these directory types.  The object  as  the  directory
              created  by  s3fs  is  "dir/".   By  restricting s3fs to recognize only "dir/" as a
              directory, communication traffic can be reduced.  This option is used to give  this
              restriction  to s3fs.  However, if there is a directory object other than "dir/" in
              the bucket, specifying this option is not recommended.  s3fs may  not  be  able  to
              recognize  the  object correctly if an object created by s3fs exists in the bucket.
              Please use this option when the directory in the bucket is only "dir/" object.

       -o dbglevel (default="crit")
              Set  the  debug  message  level.   set   value   as   crit(critical),   err(error),
              warn(warning),  info(information)  to debug level. default debug level is critical.
              If s3fs run with "-d" option, the debug level is set information.  When s3fs  catch
              the signal SIGUSR2, the debug level is bumpup.

       -o curldbg - put curl debug message
              Put the debug message from libcurl when this option is specified.


       Most  of  the  generic mount options described in 'man mount' are supported (ro, rw, suid,
       nosuid, dev, nodev, exec, noexec, atime, noatime, sync async, dirsync).   Filesystems  are
       mounted  with  '-onodev,nosuid'  by  default, which can only be overridden by a privileged

       There are many FUSE specific mount options that can be specified.  e.g.  allow_other.  See
       the FUSE README for the full set.


       The maximum size of objects that s3fs can handle depends on Amazone S3. For example, up to
       5 GB when using single PUT API. And up to 5 TB is supported when Multipart Upload  API  is

       If enabled via the "use_cache" option, s3fs automatically maintains a local cache of files
       in the folder specified by use_cache. Whenever s3fs needs to read or write a file  on  S3,
       it  first  downloads  the  entire  file  locally  to the folder specified by use_cache and
       operates on it. When fuse_release() is called, s3fs will re-upload the file to  S3  if  it
       has been changed. s3fs uses md5 checksums to minimize downloads from S3.

       The  folder  specified  by use_cache is just a local cache. It can be deleted at any time.
       s3fs rebuilds it on demand.

       Local file caching works by calculating and comparing md5 checksums (ETag HTTP header).

       s3fs leverages /etc/mime.types to "guess" the "correct" content-type based  on  file  name
       extension.  This  means that you can copy a website to S3 and serve it up directly from S3
       with correct content-types!


       Due to S3's "eventual consistency" limitations, file creation can  and  will  occasionally
       fail. Even after a successful create, subsequent reads can fail for an indeterminate time,
       even after one or more successful reads.  Create  and  read  enough  files  and  you  will
       eventually  encounter  this  failure. This is not a flaw in s3fs and it is not something a
       FUSE wrapper like s3fs can work around. The retries option does not  address  this  issue.
       Your  application  must  either  tolerate or compensate for these failures, for example by
       retrying creates or reads.


       s3fs has been written by Randy Rizun <>.