Provided by: bindfs_1.12.3-1_amd64

NAME

       bindfs ‐ mount --bind in user-space

SYNOPSIS

       bindfs [options] dir mountpoint

DESCRIPTION

       A  FUSE  filesystem  for  mirroring  the  contents  of  a  directory to another directory.
       Additionally, one can change the permissions of files in the mirrored directory.

FILE OWNERSHIP

       -u, --force-user=user, -o force-user=...
              Makes all files owned by the specified user.  Also  causes  chown  on  the  mounted
              filesystem to always fail.

       -g, --force-group=group, -o force-group=...
              Makes  all  files  owned  by the specified group.  Also causes chgrp on the mounted
              filesystem to always fail.

       -p, --perms=permissions, -o perms=...
              Takes a comma- or colon-separated list of chmod-like permission  specifications  to
              be applied to the permission bits in order.  See PERMISSION SPECIFICATION below for
              details.

              This only affects how the permission bits of existing files are altered when  shown
              in the mounted directory. You can use --create-with-perms to change the permissions
              that newly created files get in the source directory.

              Note that, as usual, the root user isn't bound by the permissions  set  here.   You
              can get a truly read-only mount by using -r.

       -m, --mirror=user1:user2:..., -o mirror=...
              Takes  a  comma-  or  colon-separated  list of users who will see themselves as the
              owners of all files. Users who are not listed here will still be able to access the
              mount if the permissions otherwise allow them to.

              You  can  also  give  a  group name prefixed with an '@' to mirror all members of a
              group. This will not change which group the files are shown to have.

       -M, --mirror-only=user1:user2:..., -o mirror-only=...
              Like --mirror but disallows access for all other users (except root).

       --map=user1/user2:@group1/@group2:..., -o map=...
              Given a mapping user1/user2, all files owned by user1 are shown as owned by  user2.
              When  user2  creates  files, they are chowned to user1 in the underlying directory.
              When files are chowned to user2, they  are  chowned  to  user1  in  the  underlying
              directory. Works similarly for groups.

              A  single  user  or  group may appear no more than once on the left and once on the
              right of a slash in the list of mappings.   Currently,  the  options  --force-user,
              --force-group,  --mirror,  --create-for-*,  --chown-*  and  --chgrp-*  override the
              corresponding behavior of this option.

              Requires mounting as root.

FILE CREATION POLICY

       New files and directories are created so they are owned by the mounter.   bindfs  can  let
       this  happen  (the  default  for  normal  users), or it can try to change the owner to the
       uid/gid of the process that wants to create the file (the default for root).  It  is  also
       possible to have bindfs try to change the owner to a particular user or group.

       --create-as-user, -o create-as-user
              Tries to change the owner and group of new files and directories to the uid and gid
              of the caller. This can work only if the mounter is root.  It is also  the  default
              behavior (mimicking mount --bind) if the mounter is root.

       --create-as-mounter, -o create-as-mounter
              All  new  files  and directories will be owned by the mounter.  This is the default
              behavior for non-root mounters.

       --create-for-user=user, -o create-for-user=...
              Tries to change the owner of new files and directories to the user specified  here.
              This   can   work  only  if  the  mounter  is  root.   This  option  overrides  the
              --create-as-user and --create-as-mounter options.

       --create-for-group=group, -o create-for-group=...
              Tries to change the owning  group  of  new  files  and  directories  to  the  group
              specified  here.  This can work only if the mounter is root.  This option overrides
              the --create-as-user and --create-as-mounter options.

       --create-with-perms=permissions, -o create-with-perms=...
              Works like --perms but is applied to the permission bits that new files get in the
              source  directory.   Normally  the  permissions of new files depend on the creating
              process's preferences  and  umask.   This  option  can  be  used  to  modify  those
              permissions  or  override  them completely.  See PERMISSION SPECIFICATION below for
              details.

CHOWN/CHGRP POLICY

       The behaviour on chown/chgrp calls can be changed. By default they are passed  through  to
       the  source directory even if bindfs is set to show a fake owner/group. A chown/chgrp call
       will only succeed if the user has enough mirrored permissions to chmod the  mirrored  file
       AND the mounter has enough permissions to chmod the real file.

       --chown-normal, -o chown-normal
              Tries to chown the underlying file. This is the default.

       --chown-ignore, -o chown-ignore
              Lets  chown succeed (if the user has enough mirrored permissions) but actually does
              nothing. A combined chown/chgrp is effectively turned into a chgrp-only request.

       --chown-deny, -o chown-deny
              Makes chown always fail with a 'permission denied' error.  A  combined  chown/chgrp
              request will fail as well.

       --chgrp-normal, -o chgrp-normal
              Tries to chgrp the underlying file. This is the default.

       --chgrp-ignore, -o chgrp-ignore
              Lets  chgrp succeed (if the user has enough mirrored permissions) but actually does
              nothing. A combined chown/chgrp is effectively turned into a chown-only request.

       --chgrp-deny, -o chgrp-deny
              Makes chgrp always fail with a 'permission denied' error.  A  combined  chown/chgrp
              request will fail as well.

CHMOD POLICY

       Chmod  calls  are forwarded to the source directory by default.  This may cause unexpected
       behaviour if bindfs is altering permission bits.

       --chmod-normal, -o chmod-normal
              Tries to chmod the  underlying  file.  This  will  succeed  if  the  user  has  the
              appropriate  mirrored  permissions  to  chmod the mirrored file AND the mounter has
              enough permissions to chmod the real file.  This is the default (in order to behave
              like mount --bind by default).

       --chmod-ignore, -o chmod-ignore
              Lets  chmod succeed (if the user has enough mirrored permissions) but actually does
              nothing.

       --chmod-deny, -o chmod-deny
              Makes chmod always fail with a 'permission denied' error.

       --chmod-filter=permissions, -o chmod-filter=...
              Changes the permission bits of a chmod request before it is applied to the original
              file.  Accepts the same permission syntax as --perms.  See PERMISSION SPECIFICATION
              below for details.

       --chmod-allow-x, -o chmod-allow-x
              Allows  setting  and  clearing  the  executable  attribute  on   files   (but   not
              directories).  When  used with --chmod-ignore, chmods will only affect execute bits
              on files and changes to other bits are discarded.  With  --chmod-deny,  all  chmods
              that  would  change  any  bits except execute bits on files will still fail with a
              'permission denied'.  This option does nothing with --chmod-normal.

XATTR POLICY

       Extended attributes are mirrored by  default,  though  not  all  underlying  file  systems
       support xattrs.

       --xattr-none, -o xattr-none
              Disable  extended  attributes altogether. All operations will return 'Operation not
              supported'.

       --xattr-ro, -o xattr-ro
              Let extended attributes be read-only.

       --xattr-rw, -o xattr-rw
              Let extended attributes be read-write (the default).   The  read/write  permissions
              are checked against the (possibly modified) file permissions inside the mount.

MISCELLANEOUS OPTIONS

       -h, --help
              Displays a help message and exits.

       -V, --version
              Displays version information and exits.

       -n, --no-allow-other, -o no-allow-other
              Does  not  add  -o  allow_other  to  FUSE  options.   This  causes  the mount to be
              accessible only by the current user.

       --realistic-permissions, -o realistic-permissions
              Hides read/write/execute permissions for a mirrored file when the  mounter  doesn't
              have  read/write/execute  access  to the underlying file.  Useless when mounting as
              root, since root will always have full access.

              (Prior to version 1.10 this option was the default behavior.  I  felt  it  violated
              the principle of least surprise badly enough to warrant a small break in backwards-
              compatibility.)

       --ctime-from-mtime, -o ctime-from-mtime
              Recall that a unix file has three standard timestamps: atime (last access, i.e. read
              time), mtime (last content modification time) and ctime (last content or metadata
              (inode) change time).

              With this option, the ctime of each file and directory is read from its mtime.   In
              other  words,  only  content modifications (as opposed to metadata changes) will be
              reflected in a mirrored file's ctime.  The underlying file's ctime  will  still  be
              updated normally.

       --hide-hard-links, -o hide-hard-links
              Shows the hard link count of all files as 1.

       --multithreaded, -o multithreaded
              Run  bindfs in multithreaded mode. While bindfs is designed to be otherwise thread-
              safe, there is currently a race condition that may pose a security  risk  for  some
              use cases. See BUGS below.

FUSE OPTIONS

       -o options
              Fuse options.

       -r, -o ro
              Make the mount strictly read-only.  This even prevents root from writing to it.  If
              this is all you need, then (since Linux 2.6.26) you can get a more efficient mount
              with mount --bind and then mount -o remount,ro.

       -d, -o debug
              Enable debug output (implies -f).

       -f     Foreground operation.

PERMISSION SPECIFICATION

       The  -p  option  takes a comma- or colon-separated list of either octal numeric permission
       bits  or  symbolic  representations  of   permission   bit   operations.    The   symbolic
       representation  is based on that of the  chmod(1) command.  setuid, setgid and sticky bits
       are ignored.

       This program extends the chmod symbolic representation with the following operands:

       `D' (right hand side)
           Works like X but applies only to directories (not to executables).

       `d' and `f' (left hand side)
           Makes this directive only apply to directories (d) or files (f).
           e.g. gd-w would remove the group write bit from all directories.

       `u', `g', `o' (right hand side)
           Uses the user (u), group (g) or others (o) permission bits of
           the original file.
           e.g. g=u would copy the user's permission bits to the group.
                ug+o would add the others' permissions to the owner and group.

       Examples

       o-rwx  Removes all permission bits from others.

       g=rD   Allows group to read all files and enter all directories, but nothing else.

       0644,a+X
              Sets permission bits to  0644  and  adds  the  execute  bit  for  everyone  to  all
              directories and executables.

       og-x:og+rD:u=rwX:g+rw
              Removes  execute  bit  for  others  and  group, adds read and directory execute for
              others  and  group,  sets   user   permissions   to   read,   write   and   execute
              directory/executable, adds read and write for group.
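
       A small Python model of the syntax above, added here as an illustration (it is not
       bindfs's own parser): apply_perms is a hypothetical helper that computes the bits a spec
       would show for a file or directory, so a spec can be checked before it is relied on to
       restrict access. It assumes a directive with no u/g/o/a class applies to all classes and
       that X tests the original file's execute bits, as the 0644,a+X example describes.

```python
import re

CLASS_MASK = {"u": 0o700, "g": 0o070, "o": 0o007, "a": 0o777}
SHIFT = {"u": 6, "g": 3, "o": 0}
SYMBOLIC = re.compile(r"([ugoadf]*)([+=-])([rwxXDugo]*)")

def apply_perms(spec, mode, is_dir):
    """Model of the bits a --perms spec shows for a source entry with `mode`."""
    original = mode & 0o777
    current = original
    for item in re.split(r"[,:]", spec):           # comma- or colon-separated list
        if re.fullmatch(r"[0-7]{1,4}", item):
            current = int(item, 8) & 0o777         # setuid/setgid/sticky are ignored
            continue
        m = SYMBOLIC.fullmatch(item)
        if not m:
            raise ValueError(f"bad permission item: {item!r}")
        lhs, op, rhs = m.groups()
        # 'd' / 'f' on the left restrict the directive to directories / files.
        if "d" in lhs or "f" in lhs:
            if not (("d" in lhs and is_dir) or ("f" in lhs and not is_dir)):
                continue
        who = 0
        for c in lhs:
            who |= CLASS_MASK.get(c, 0)
        who = who or 0o777                         # assumption: no class means all
        bits = 0
        for c in rhs:
            if c == "r":
                bits |= 0o444
            elif c == "w":
                bits |= 0o222
            elif c == "x":
                bits |= 0o111
            elif c == "X":                         # directories and executables
                bits |= 0o111 if (is_dir or original & 0o111) else 0
            elif c == "D":                         # directories only
                bits |= 0o111 if is_dir else 0
            else:                                  # u/g/o: copy from the original file
                bits |= ((original >> SHIFT[c]) & 7) * 0o111
        bits &= who
        if op == "+":
            current |= bits
        elif op == "-":
            current &= ~bits
        else:                                      # '=' replaces the selected classes
            current = (current & ~who) | bits
    return current
```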

EXAMPLES


       bindfs -u www -g nogroup -p 0000,u=rD ~/mywebsite ~/public_html/mysite

              Publishes a website in public_html so that only the 'www' user can read the site.

       bindfs -M foo,bar,1007,@mygroup -p 0600,u+X dir mnt

              Gives access to 'foo', 'bar', the user with the UID 1007 as well as everyone in the
              group 'mygroup'. Sets the permission bits to 0600, thus giving the specified  users
              read/write access, and adds the user execute bit for directories and executables.

       bindfs -ono-allow-other,perms=a-w somedir somedir

              Makes a directory read-only and accessible only by the current user.

       bindfs#/home/bob/shared /var/www/shared/bob fuse perms=0000:u+rD 0 0

              An example /etc/fstab entry. Note that the colon must be used to separate arguments
              to perms, because the comma is an option separator in /etc/fstab.

NOTES

       Setuid and setgid bits have no effect inside the mount.   This  is  a  necessary  security
       feature of FUSE.

       MacFuse  caches file contents by default.  This means that changes in source files are not
       always immediately visible under the mount point.  -o nolocalcaches can be used to disable
       the cache.

       When  using  --mirror[-only]  @somegroup,  bindfs  won't see changes to the group's member
       list.  Sending bindfs a SIGUSR1 signal will make it reread the user database.

BUGS

       If bindfs is run in  multithreaded  mode  (with  the  --multithreaded  option)  then  it's
       possible  for  another  process  to  briefly  see a file with an incorrect owner, group or
       permissions.  This may constitute a  security  risk  if  you  rely  on  bindfs  to  reduce
       permissions  on  new  files.  For  this  reason, as of version 1.11 bindfs runs in single-
       threaded mode by default.

       Please report bugs and/or send pull requests to https://github.com/mpartel/bindfs/issues.

DEPRECATIONS

       The option names --user and --group were deprecated and  replaced  with  --force-user  and
       --force-group in version 1.12.  The former names clashed with standard option names.  They
       are still available but their use is discouraged and prints a warning. The synonym --owner
       is also deprecated for consistency.

AUTHOR

       Martin Pärtel <martin dot partel at gmail dot com>

SEE ALSO

       chmod(1), fusermount(1), http://bindfs.org/

                                                                                        BINDFS(1)