umount(1M)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | USAGE | SUMMARY OF TRUSTED SOLARIS CHANGES | FILES | ATTRIBUTES | SEE ALSO | NOTES

NAME

mount, umount- Mount or unmount file systems and remote resources

SYNOPSIS

mount [-p| -v]
mount [-F   FSType] [generic_options] [-o   specific_options] [-O] special| mount_point
mount [-F   FSType] [generic_options] [-o   specific_options] [-O] [-S   attribute_list] special mount_point
mount -a [-F   FSType] [-V] [current_options] [-o   specific_options] [-S   attribute_list] [mount_point...]
umount [-V] [-o   specific_options] special| mount_point
umount -a [-V] [-o   specific_options] [mount_point...]

DESCRIPTION

mount attaches a file system to the file system hierarchy at the mount_point , which is the pathname of a directory. If mount_point has any contents prior to the mount operation, these are hidden until the file system is unmounted.

umount unmounts a currently mounted file system, which may be specified either as a mount_point or as special , the device on which the file system resides.

mount and umount maintain a table of mounted file systems in /etc/mnttab , which is described in mnttab(4) . mount adds an entry to the mount table; umount removes an entry from the table.

When invoked with both the special and mount_point arguments and the -F option, mount validates all arguments except for special and invokes the appropriate FSType -specific mount module. If invoked with no arguments, mount lists all the mounted file systems recorded in the mount table, /etc/mnttab . If invoked with a partial argument list (with only one of special or mount_point , or with both special or mount_point specified but not FSType ), mount will search /etc/vfstab for an entry that will supply the missing arguments. If no entry is found, and the special argument starts with "/", the default local file system type specified in /etc/default/fs will be used. Otherwise the default remote file system type will be used. The default remote file system type is determined by the first entry in the /etc/dfs/fstypes file. After filling in missing arguments, mount will invoke the FSType -specific mount module.

The -S option can be used to assign any or all of the following mount-time security attributes to the named file system when appropriate: an ACL , a mode, a user ID , a group ID , a sensitivity label, forced privilege(s), allowed privilege(s), a file attribute flag, a filesystem label range, or an MLD prefix. If the -S option is not used, mount also searches /etc/security/tsol/vfstab_adjunct for any security attributes that may be specified there for the file system being mounted. Specifying mount-time attributes is useful only when mounting file systems that do not support the attributes.

Mount-time security attributes should be specified for file systems whose objects do not have any attributes, such as user and group ID s, and for file systems whose objects do not support the Trusted Solaris extended security attributes, such as sensitivity labels. When a required attribute is not specified at mount-time, a default value is applied. The defaults are described in the OPTIONS section, where the keywords are defined for the -S option.

File system types UFS , TMPFS , and NFS (from a Trusted Solaris server) have a full set of Trusted Solaris extended security attributes already defined. (See the getfsattr(1M) man page for how to get attributes on mounted file systems). Because the attributes can be changed on these file systems after they are mounted, they are called variable file systems. For example, the sensitivity label on a file in a variable file system can be changed by an authorized user. The security attributes on a variable file system can be overridden at mount time, but individual objects in the file system retain any attributes that were originally set on the objects.

File systems that do not support the Trusted Solaris extended security attributes are called fixed because any attributes assigned to them (either at mount time or by default) cannot be changed. For example, the sensitivity label specified at mount time for a fixed-attribute file system cannot be changed on any of the objects in that file system. An object that is moved or copied from the fixed file system to a variable file system can be changed after the move.

Mount-time security attributes override existing security attributes on a file system. However, mount-time attributes never override security attributes on the files and directories within the file system.

Without privilege, mount can be used to list mounted file systems and resources. To be able to mount and unmount, the mount command must have the sys_mount privilege and must run with an effective UID of 0 . The umount command must have the sys_mount privilege. Mandatory and discretionary read access is required both to the mount point and to the device being mounted; otherwise, MAC or DAC override privileges are required as described in Intro(2) . To succeed in all cases, mount needs: file_mac_read , file_dac_read , file_mac_write , file_dac_write , file_mac_search , file_dac_search , net_privaddr , proc_setsl , proc_setil , sys_mount , and sys_trans_label . To succeed in all cases, umount needs: file_mac_read , file_dac_read , file_mac_write , file_dac_write , file_mac_search , and file_dac_search .

OPTIONS

-F FSType

Used to specify the FSType on which to operate. The FSType must be specified or must be determinable from /etc/vfstab , or by consulting /etc/default/fs or /etc/dfs/fstypes .

-a [ mount_points . . . ]

Perform mount or umount operations in parallel, when possible.

If mount points are not specified, mount will mount all file systems whose /etc/vfstab "mount at boot" field is "yes". If mount points are specified, then /etc/vfstab "mount at boot" field will be ignored.

If mount points are specified, umount will only unmount those mount points. If none is specified, then umount will attempt to unmount all filesystems in /etc/mnttab , with the exception of certain system required file systems: / , /usr , /var , /proc , /dev/fd , and /tmp .

-p

Print the list of mounted file systems in the /etc/vfstab format. Must be the only option specified.

-v

Print the list of mounted file systems in verbose format. Must be the only option specified.

-V

Echo the complete command line, but do not execute the command. umount generates a command line by using the options and arguments provided by the user and adding to them information derived from /etc/mnttab . This option should be used to verify and validate the command line.

generic_options

Options that are commonly supported by most FSType -specific command modules. The following options are available:

-m

Mount the file system without making an entry in /etc/mnttab .

-g

Globally mount the file system. On a clustered system, this globally mounts the file system on all nodes of the cluster. On a non-clustered system this has no effect.

-o

Specify FSType -specific options in a comma separated (without spaces) list of suboptions and keyword-attribute pairs for interpretation by the FSType -specific module of the command. (See mount_ufs(1M) )

-O

Overlay mount. Allow the file system to be mounted over an existing mount point, making the underlying file system inaccessible. If a mount is attempted on a pre-existing mount point without setting this flag, the mount will fail, producing the error "device busy".

-r

Mount the file system read-only.

-S attribute_list

Specify in attribute_list a quoted semicolon-separated list of security attributes to associate with the file-system mount. Each attribute is specified with a value assigned to a keyword in semicolon-separated fields. All keywords are optional and follow the format:

---

keyword=value

---

where keyword is one of the following:

acc_acl

Sets the same ACL on all files or directories in the file system. See aclfromtext(3) for the format.

mode

Sets a DAC permission mode for each object in the file system. The only supported mode is the absolute mode, which is specified using octal numbers. See the description for the absolute-mode parameter on the chmod(1) man page. (Because the mode is an object-level attribute that has precedence over any mount-time attributes, setting a mode is only useful in the rare case when the type of file system being mounted does not support permission bits. In such cases, it is recommended that an explicit value be specified for the mode.)

attr_flg

Sets an attribute flag on all files in the file system. The only supported attr_flag value is public , whose effect is that when certain read operations are performed on any object in the file system on which this flag is set, audit records are not generated even when the operations are part of a preselected audit class, with the following exception. If the audit pseudo event for use of privilege ( AUE_UPRIV ) is included in a preselected audit class and if the operation involves the use of privilege), then an audit record is always generated. With the previous exception, the read operations for which audit records are not generated when the public flag is set are: access(2) , fgetcmwlabel(2) , fgetsldname(2) , fstatvfs(2) , getcmwfsrange(2) , getcmwlabel(2) , getfpriv(2) , getmldadorn(2) , getsldname(2) , lgetcmwlabel(2) , lstat(2) , open(2) --read only, pathconf(2) , preadl(2) , readl(2) , readlink(2) , stat(2) , statvfs(2) , mldlstat(3) , and mldstat(3) . See Trusted Solaris Audit Administration and Trusted Solaris Administrator's Procedures for more details.

gid

Sets the group ID for all objects in the file system. (Because the GID is an object-level attribute that has precedence over any mount-time attributes, setting this is only useful in the rare case when the type of file system being mounted does not have GID s on its files or directories. In such cases, it is recommended that an explicit value be specified for the GID .)

uid

Sets the user ID for all objects in the file system. (Because the UID is an object-level attribute that has precedence over any mount-time attributes, setting this is only useful in the rare case when the type of file system being mounted does not have UID s on its files or directories. In such cases, it is recommended that an explicit value be specified for the UID .)

slabel

Sets the sensitivity label for all objects in the file system. Specify the sensitivity label in hexadecimal or text format.

forced

Specify one or more forced privileges for all executable files in the file system. Specify symbolic privilege name(s) in a comma-separated list (such as: forced=file_audit, file_chown; ) or use all to indicate all privileges. Using none or omitting the keyword results in no forced privileges being applied. See priv_desc(4) . Any forced privileges must be a subset of the allowed privileges.

allowed

Specify one or more allowed privilege(s) for all executable files in the file system. Specify symbolic privilege names in a comma-separated list (such as: allowed=file_audit, file_chown; ) or use all to indicate all privileges. Using none or omitting the keyword results in no allowed privileges being applied. See priv_desc(4) for names of privileges. Any allowed privilege(s) must be a superset of the forced privileges.

low_range

Specify the lower bound of the file system label range as a sensitivity label in text format.

hi_range

Specify the upper bound of the file system label range as a sensitivity label in text format.

mld_prefix

Set a prefix to be used in the adorned names of multilevel directories. (See multilevel directories in the DEFINITIONS in Intro(2) for more about the MLD prefix.) Specify the value in text format (such as: .MLD. or .hidden. ). On unlabeled (fixed attribute) file systems, the prefix generally has no useful effect--with the exception that an mld_prefix should be supplied if a variable filesystem is being mounted on the unlabeled filesystem and the root of the variable filesystem is an MLD .

Any of the above keywords may be omitted.

---

only -

Note: The semicolon separators between keyword/value pairs and any brackets used to specify sensitivity labels must be commented out so that the separators and brackets can be interpreted properly by the shell.

---

When a keyword appears without an attribute value or when a keyword is missing, a default value is assigned to that attribute. The default values for fixed attribute file systems are:

acc_acl

None

mode

The mode should always be explictly set for file systems that do not support file access modes, such as MS-DOS ( pcfs type) file systems.

attr_flag

None

gid

The GID should always be explictly set for file systems that do not support group ID s, such as MS-DOS ( pcfs type) file systems.

uid

The UID should always be explictly set for file systems that do not support user ID s, such as MS-DOS ( pcfs type) file systems.

slabel

The default sensitivity label of a fixed file system being mounted from a local device (such as a hard disk, floppy, or CD-ROM ) is the sensitivity label of the device. For an allocated device, the file system is assigned the sensitivity label at which the device was allocated.

forced

None

allowed

None

low_range

ADMIN_LOW

hi_range

ADMIN_HIGH

mld_prefix

None

For example, the assignment of forced=; results in the default of "none" being applied.

USAGE

See largefile(5) for the description of the behavior of mount and umount when encountering files greater than or equal to 2 Gbyte (2 ³¹ bytes).

SUMMARY OF TRUSTED SOLARIS CHANGES

Trusted Solaris security policy applies when mounting and unmounting file systems.

Mount-time security attributes may be specified either by using mount with the -S option on the command line or by specifying the attributes in the vfstab_adjunct file. Mount-time security attributes override existing security attributes on a file system. However, they never override security attributes on the files and directories within the file system. When access-control decisions are made, security attributes on a file or directory take precedence over security attributes specified either at the filesystem level or at mount time.

Except when merely listing mounted file systems and resources, mount must run with an effective UID of 0 and with the sys_mount privilege. umount also must run with an effective UID of 0 and with the sys_mount privilege. To succeed in all cases, mount needs: file_mac_read , file_dac_read , file_mac_write , file_dac_write , file_mac_search , file_dac_search , net_privaddr , proc_setsl , proc_setil , sys_mount , and sys_trans_label .

---

only -

Information labels ( IL s) are not supported in Trusted Solaris 7 and later releases. Trusted Solaris software interprets any IL s on communications and files from systems running earlier releases as ADMIN_LOW .

Objects still have CMW labels, and CMW labels still include the IL component: IL[SL] ; however, the IL component is fixed at ADMIN_LOW .

As a result, Trusted Solaris 7 has the following characteristics:

• IL s do not display in window labels; SL s (Sensitivity Labels) display alone within brackets.

• IL s do not float.

• Setting an IL on an object has no effect.

• Getting an object's IL will always return ADMIN_LOW .

• Although certain utilities, library functions, and system calls can manipulate IL strings, the resulting IL s are always ADMIN_LOW , and cannot be set on any objects.

• Options related to information labels in the label_encodings(4) file can be ignored:

  Markings Name= Marks; 
  Float Process Information Label;

---

FILES

/etc/mnttab

Mount table

/etc/default/fs

Default local file system type. Default values can be set for the following flags in /etc/default/fs . For example:

---

LOCAL=ufs

Specifies that LOCAL: is the default partition for a command if no FSType is specified.

---

/etc/vfstab

List of default parameters for each file system.

/etc/security/tsol/vfstab_adjunct

Mount-time attributes for file systems.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWcsu

SEE ALSO

Trusted Solaris 7 Reference Manual

getfsattr(1M) , getmldadorn(1) , mount_hsfs(1M) , mount_nfs(1M) , mount_pcfs(1M) , mount_tmpfs(1M) , mount_ufs(1M) , mountall(1M) , setfsattr(1M) , setmnt(1M) , mnttab(4) , priv_desc(4) , vfstab(4) , vfstab_adjunct(4)

Trusted Solaris Administrator's Procedures

SunOS 5.7 Reference Manual

setfacl(1) , mount_cachefs(1M) , default_fs(4) , attributes(5)

NOTES

If the directory on which a file system is to be mounted is a symbolic link, the file system is mounted on the directory to which the symbolic link refers, rather than on top of the symbolic link itself.

Trusted Solaris 7  Last Revised 30 Sep 1999

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | USAGE | SUMMARY OF TRUSTED SOLARIS CHANGES | FILES | ATTRIBUTES | SEE ALSO | NOTES