Provided by: pmount_0.9.23-6_amd64 bug

NAME

       pmount - mount arbitrary hotpluggable devices as normal user

SYNOPSIS

       pmount [ options ] device

       pmount [ options ] device label

       pmount --lock [ options ] device pid

       pmount --unlock [ options ] device pid

       pmount

DESCRIPTION

       pmount  ("policy  mount")  is  a  wrapper  around the standard mount program which permits
       normal users to mount removable devices without a matching /etc/fstab entry.

       pmount also supports encrypted devices which use dm-crypt and have  LUKS  metadata.  If  a
       LUKS-capable  cryptsetup  is installed, pmount will use it to decrypt the device first and
       mount the mapped unencrypted device instead.

       pmount is invoked like this:

       pmount device [ label ]

       This will mount device to a directory below /media if policy is met (see below). If  label
       is given, the mount point will be /media/label, otherwise it will be /media/device.

       The      device      will      be      mounted      with      the     following     flags:
       async,atime,nodev,noexec,noauto,nosuid,user,rw

       Some applications like CD burners modify a raw device which must not be mounted while  the
       burning  process  is  in  progress. To prevent automatic mounting, pmount offers a locking
       mechanism: pmount --lock device pid will prevent the  pmounting  of  device  until  it  is
       unlocked  again using pmount --unlock device pid. The process id pid assigns the lock to a
       particular process; this allows one to lock a device by several processes.

       During mount, the list of locks is cleaned, i. e. all locks whose associated process  does
       not  exist  any  more  are  removed. This prevents forgotten indefinite locks from crashed
       programs.

       Running pmount without arguments prints the list of mounted removable devices,  a  bit  in
       the fashion of mount (1).

       Please  note  that  you  can  use  labels  and uuids as described in fstab (5) for devices
       present in /etc/fstab.   In  this  case,  the  device  name  need  to  match  exactly  the
       corresponding entry in /etc/fstab, including the LABEL= or UUID= part.

       Important  note  for  Debian: The permission to execute pmount is restricted to members of
       the system group plugdev. Please add all desktop users who shall be able to use pmount  to
       this group by executing

              adduser user plugdev

       (as root).

POLICY

       The mount will succeed if all of the following conditions are met:

       • device is a block device in /dev/device is not in /etc/fstab (if it is, pmount executes  mount device as the calling user
         to handle this transparently). See below for more details.

       • device is not already mounted according to /etc/mtab and /proc/mounts

       • if the mount point already exists, there is no device already  mounted  at  it  and  the
         directory is empty

       • device  is  removable (USB, FireWire, or MMC device, or /sys/block/drive/removable is 1)
         or whitelisted in /etc/pmount.allow.

       • device is not locked

OPTIONS

       -r, --read-only
              Force the device to be mounted read only. If neither -r nor -w  is  specified,  the
              kernel will choose an appropriate default.

       -w, --read-write
              Force  the  device to be mounted read/write. If neither -r nor -w is specified, the
              kernel will choose an appropriate default.

       -s, --sync
              Mount the device with the sync option, i. e.  without  write  caching.  Default  is
              async  (write-back).  With this option, write operations are much slower and due to
              the massive increase of updates of inode/FAT structures, flash devices  may  suffer
              heavily  if  you write large files. This option is intended to make it safe to just
              rip out USB drives without proper unmounting.

       -A, --noatime
              Mount the device with the noatime option. Default is atime.

       -e, --exec
              Mount the device with the exec option. Default is noexec.

       -t filesystem, --type filesystem
              Mount as specified  file  system  type.  The  file  system  type  is  automatically
              determined  if  this option is not given. See at the bottom for a list of currently
              supported filesystems.

       -c charset, --charset charset
              Use given I/O character set (default: utf8 if called in an UTF-8 locale,  otherwise
              mount default). This corresponds with the mount option iocharset (or nls for NTFS).
              This option is ignored for file systems that do not support setting  the  character
              set  (see  mount  (8)  for  details).   Important  note: pmount will now mount VFAT
              filesystems  with  iocharset=iso8859-1  as  iocharset=utf8  currently   makes   the
              filesystem case-sensitive (which is pretty bad...).

       -u umask, --umask umask
              Use  specified umask instead of the default one. For UDF, the default is '000', for
              VFAT and NTFS the default is '077'. This value is ignored for file systems which do
              not support setting an umask. Note that you can use a value of 077 to forbid anyone
              else to read/write the files, 027 to allow your group to read the files and 022  to
              allow anyone to read the files (but only you can write).

       --dmask dmask

       --fmask fmask
              Some  filesystems  (essentially  VFAT and HFS) supports separate umasks (see the -u
              option just above) for directories and files,  to  avoid  the  annoying  effect  of
              having  all files executable. For these filesystems, you can specify separately the
              masks using these options. By  default,  fmask  is  umask  without  all  executable
              permissions  and  dmask is umask.  Most of the times, these settings should just do
              what you want, so there should be seldom any need for using  directly  the  --fmask
              and --dmask options.

       -p file --passphrase file
              If  the device is encrypted (dm-crypt with LUKS metadata), read the passphrase from
              specified file instead of prompting at the terminal.

       -h, --help
              Print a help message and exit successfully.

       -d, --debug
              Enable verbose debug messages.

       -V, --version
              Print the current version number and exit successfully.

FILES

       /etc/pmount.allow
              List of devices  (one  device  per  line)  which  are  additionally  permitted  for
              pmounting.  Globs, such as /dev/sda[123] are permitted. See see glob (7) for a more
              complete syntax.

SEE ALSO

       pumount(1), mount(8)

SUPPORTED FILESYSTEMS

       For now, pmount supports the following filesystems: udf,  iso9660,  vfat,  ntfs,  hfsplus,
       hfs,  ext3, ext2, ext4, reiserfs, reiser4, xfs, jfs and omfs.  They are tried sequentially
       in that exact order when the filesystem is not specified.

       Additionally, pmount supports the filesystem types ntfs-fuse and  ntfs-3g  to  mount  NTFS
       volumes respectively with ntfsmount (1) or ntfs-3g (1). If the file /sbin/mount.ntfs-3g is
       found, then pmount will mount NTFS filestystems with type ntfs-3g rather than plain  ntfs.
       To  disable  this behavior, just specify -t ntfs on the command-line, as this happens only
       for autodetection.

MORE ABOUT FSTAB

       pmount now fully resolve all symlinks both in its input and in the /etc/fstab file,  which
       means  that if /dev/cdrom is a symlink to /dev/hdc and you try to mount /dev/hdc directly,
       pmount will delegate this to mount(1).  This is a feature, and it contrasts with  previous
       unclear behavior of pmount about symlinks in /etc/fstab.

KNOWN ISSUES

       Though we believe pmount is pretty much free from security problems, there are quite a few
       glitches that probably will never be fixed.

       • pmount needs to try several different times to mount to get the filesystem right in  the
         end;  it  is  vital  that pmount does know which precise filesystem to mount in order to
         give it the right options not to cause security holes. This is rather different from the
         behaviour  of  mount with the -t auto options, which can have a look at the device it is
         trying to mount and find out what its filesystem is.  pmount will never try  to  open  a
         device  and  look at it to find out which filesystem it is, as it might open quite a few
         security holes.  Moreover, the order in which the filesystems  are  tried  are  what  we
         could call the most commonly used filesystems on removable media. This order is unlikely
         to change as well. In particular, that means that when  you  mount  an  ext3  filesystem
         using pmount, you might get a lot of fs-related kernel error messages. Sorry !

       NOTE:  Starting  from  version  0.9.17,  pmount  uses  the  same mechanism as mount (1) to
       autodetect the filesystem type, so this kind of problems should not happen anymore.

AUTHOR

       pmount was originally developed by Martin Pitt  <martin.pitt@canonical.com>.   It  is  now
       maintained by Vincent Fourmond <fourmond@debian.org>.