mount attaches a file system to the file system hierarchy at the mount_point, which is the pathname of a directory. If mount_point has any contents prior to the mount operation, these are hidden until the file system is unmounted.
umount unmounts a currently mounted file system, which may be specified either as a mount_point or as special, the device on which the file system resides.
The table of currently mounted file systems can be found by examining the mounted file system information file. This is provided by a file system that is usually mounted on /etc/mnttab. The mounted file system information is described in mnttab(4). Mounting a file system adds an entry to the mount table; a umount command removes an entry from the table.
When invoked with both the special and mount_point arguments and the -F option, mount validates all arguments except for special and invokes the appropriate FSType-specific mount module. If invoked with no arguments, mount lists all the mounted file systems recorded in the mount table, /etc/mnttab. If invoked with a partial argument list (with only one of special or mount_point, or with both special and mount_point specified but not FSType), mount will search /etc/vfstab for an entry that will supply the missing arguments. If no entry is found, and the special argument starts with “/”, the default local file system type specified in /etc/default/fs will be used. Otherwise the default remote file system type will be used. The default remote file system type is determined by the first entry in the /etc/dfs/fstypes file. After filling in missing arguments, mount will invoke the FSType-specific mount module.
The -o and -S options can be used to assign any or all of the following mount-time security attributes to the named file system when appropriate: a sensitivity label, forced privilege(s), allowed privilege(s), a filesystem label range, or an MLD prefix. If -o or -S options are not used, mount also searches /etc/security/tsol/vfstab_adjunct for any security attributes that may be specified there for the file system being mounted.
Mount-time security attributes should be specified for file systems whose objects do not support the Trusted Solaris extended security attributes, such as sensitivity labels. When a required attribute is not specified at mount-time, a default value is applied. The defaults are described in the OPTIONS section, where the keywords are defined for the -S option.
File system types UFS, TMPFS, and NFS (from a Trusted Solaris server) have a full set of Trusted Solaris extended security attributes already defined. (See the getfsattr(1M) man page for how to get attributes on mounted file systems). Because the attributes can be changed on these file systems after they are mounted, they are called variable file systems. For example, the sensitivity label on a file in a variable file system can be changed by an authorized user. The security attributes on a variable file system can be overridden at mount time, but individual objects in the file system retain any attributes that were originally set on the objects.
File systems that do not support the Trusted Solaris extended security attributes are called fixed because any attributes assigned to them (either at mount time or by default) cannot be changed. For example, the sensitivity label specified at mount time for a fixed-attribute file system cannot be changed on any of the objects in that file system. An object that is moved or copied from the fixed file system to a variable file system can be changed after the move.
Mount-time security attributes override existing security attributes on a file system. However, mount-time attributes never override security attributes on the files and directories within the file system.
Without privilege, mount can be used to list mounted file systems and resources. To be able to mount and unmount, the mount command must have the sys_mount privilege. The umount command must have the sys_mount privilege. Because mounting a UFS file system enables/disables logging, it requires the sys_fs_config privilege. Mandatory and discretionary read access is required both to the mount point and to the device being mounted; otherwise, MAC or DAC override privileges are required as described in Intro(2). To succeed in all cases with no error side effects, the mount command needs: file_mac_read, file_dac_read, file_mac_write, file_dac_write, file_mac_search, file_dac_search, net_privaddr, proc_setsl, sys_fs_config, sys_mount, and sys_trans_label. To succeed in all cases, umount needs: file_mac_read, file_dac_read, file_mac_write, file_dac_write, file_mac_search, and file_dac_search.
When mounting a UFS file system, mount should assert the sys_fs_config privilege. Otherwise, the mount succeeds, but logging is not enabled/disabled, errno is set to EPERM, and the user sees an error message.
Used to specify the FSType on which to operate. The FSType must be specified or must be determinable from /etc/vfstab, or by consulting /etc/default/fs or /etc/dfs/fstypes.
Perform mount or umount operations in parallel, when possible.
If mount points are not specified, mount will mount all file systems whose /etc/vfstab “mount at boot” field is “yes”. If mount points are specified, then /etc/vfstab “mount at boot” field will be ignored.
If mount points are specified, umount will only unmount those mount points. If none is specified, then umount will attempt to unmount all filesystems in /etc/mnttab, with the exception of certain system required file systems: /, /usr, /var, /proc, /dev/fd, and /tmp.
Forcibly unmount a file system.
Without this option, umount does not allow a file system to be unmounted if a file on the file system is busy. Using this option can cause data loss for open files; programs which access files after the file system has been unmounted will get an error (EIO).
Print the list of mounted file systems in the /etc/vfstab format. Must be the only option specified.
Print the list of mounted file systems in verbose format. Must be the only option specified.
Echo the complete command line, but do not execute the command. umount generates a command line by using the options and arguments provided by the user and adding to them information derived from /etc/mnttab. This option should be used to verify and validate the command line.
Options that are commonly supported by most FSType-specific command modules. The following options are available:
Mount the file system without making an entry in /etc/mnttab.
Globally mount the file system. On a clustered system, this globally mounts the file system on all nodes of the cluster. On a non-clustered system this has no effect.
Specify FSType-specific options in a comma separated (without spaces) list of suboptions and keyword-attribute pairs for interpretation by the FSType-specific module of the command. (See mount_ufs(1M))
Overlay mount. Allow the file system to be mounted over an existing mount point, making the underlying file system inaccessible. If a mount is attempted on a pre-existing mount point without setting this flag, the mount will fail, producing the error “device busy”.
Mount the file system read-only.
Specify in attribute_list a quoted semicolon-separated list of security attributes to associate with the filesystem mount. Each attribute is specified with a value assigned to a keyword in semicolon-separated fields. All keywords are optional and follow the format:
keyword=value
Sets the sensitivity label for all objects in the file system. Specify the sensitivity label in hexadecimal or text format.
Specify one or more forced privileges for all executable files in the file system. Specify symbolic privilege name(s) in a comma-separated list (such as: forced=file_audit, file_chown;) or use all to indicate all privileges. Using none or omitting the keyword results in no forced privileges being applied. See priv_desc(4). Any forced privileges must be a subset of the allowed privileges.
Specify one or more allowed privilege(s) for all executable files in the file system. Specify symbolic privilege names in a comma-separated list (such as: allowed=file_audit, file_chown;) or use all to indicate all privileges. Using none or omitting the keyword results in no allowed privileges being applied. See priv_desc(4) for names of privileges. Any allowed privilege(s) must be a superset of the forced privileges.
Specify the lower bound of the file system label range as a sensitivity label in text format.
Specify the upper bound of the file system label range as a sensitivity label in text format.
Set a prefix to be used in the adorned names of multilevel directories. (See multilevel directories in the DEFINITIONS in Intro(2) for more about the MLD prefix.) Specify the value in text format (such as: .MLD. or .hidden.). On unlabeled (fixed attribute) file systems, the prefix generally has no useful effect—with the exception that an mld_prefix should be supplied if a variable filesystem is being mounted on the unlabeled filesystem and the root of the variable filesystem is an MLD.
Any of the above keywords may be omitted.
The semicolon separators between keyword/value pairs and any brackets used to specify sensitivity labels must be quoted or escaped so that the shell passes them to mount unchanged instead of interpreting them itself.
When a keyword appears without an attribute value or when a keyword is missing, a default value is assigned to that attribute. The default values for fixed attribute file systems are:
The default sensitivity label of a fixed file system being mounted from a local device (such as a hard disk, floppy, or CD-ROM) is the sensitivity label of the device. For an allocated device, the file system is assigned the sensitivity label at which the device was allocated.
None
None
ADMIN_LOW
ADMIN_HIGH
None
For example, the assignment of forced=; results in the default of “none” being applied.
Most of the keyword=value pairs used to specify security attributes with the -S option can be entered directly under the -o option—with one caveat. Since mount options are comma-separated, any security attribute specified with a keyword followed by multiple values separated by commas is not allowed after -o. See Example 2.
See largefile(5) for the description of the behavior of mount and umount when encountering files greater than or equal to 2 Gbyte (2^31 bytes).
In this example, the -o is used to assign security attributes.
% mount -F tmpfs -o allowed=all,slabel=c swap /mnt
Trusted Solaris security attributes that are separated with commas cannot be passed to the -o option. Therefore, use the -S option.
% mount -F tmpfs -S "allowed=all;forced=proc_tranquil,proc_dumpcore" swap /mnt
These security attributes cannot be entered with the -o option since the comma separator in the privileges list would be interpreted as the start of a new option.
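The following script is an added example, not part of the original manual page: it checks an attribute list against the rule that forced privileges must be a subset of allowed privileges, then picks -o or -S according to whether any value contains a comma. The function names are hypothetical, and the script assumes every keyword in the list is one that -o accepts.

```sh
#!/bin/sh
# Added example: pre-flight check of a mount-time security attribute list
# written in the -S form "keyword=value;keyword=value".

# priv_value LIST KEY -> value of the forced/allowed keyword KEY, or "none"
# when the keyword is omitted or empty (the documented default).
priv_value() {
    _v=$(printf '%s\n' "$1" | tr ';' '\n' | sed -n "s/^ *$2=//p" |
        head -n 1 | tr -d ' ')
    printf '%s\n' "${_v:-none}"
}

# forced_within_allowed LIST -> status 0 when the forced privileges are a
# subset of the allowed privileges, status 1 otherwise.
forced_within_allowed() {
    _forced=$(priv_value "$1" forced)
    _allowed=$(priv_value "$1" allowed)
    [ "$_forced" = none ] && return 0
    [ "$_allowed" = all ] && return 0
    if [ "$_forced" = all ]; then
        echo "forced=all requires allowed=all" >&2
        return 1
    fi
    for _p in $(printf '%s\n' "$_forced" | tr ',' ' '); do
        case ",$_allowed," in
            *",$_p,"*) ;;
            *) echo "forced privilege not in allowed: $_p" >&2; return 1 ;;
        esac
    done
    return 0
}

# mount_attr_args LIST -> the option to pass to mount: -o with commas when no
# value contains a comma, otherwise the quoted -S form. Assumes every keyword
# in LIST is one that -o accepts (the page says "most" are).
mount_attr_args() {
    _list=$(printf '%s\n' "$1" | sed 's/;*$//')
    case "$_list" in
        *,*) printf '%s "%s"\n' -S "$_list" ;;
        *)   printf '%s %s\n' -o "$(printf '%s\n' "$_list" | tr ';' ',')" ;;
    esac
}

# The attribute lists from the two examples above, checked and rendered.
for attrs in 'allowed=all;slabel=c' \
             'allowed=all;forced=proc_tranquil,proc_dumpcore'; do
    forced_within_allowed "$attrs" &&
        echo "mount -F tmpfs $(mount_attr_args "$attrs") swap /mnt"
done
```

Run before the real mount command, the check catches a forced list that exceeds the allowed list while the attributes are still only text.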
Mount table
Default local file system type. Default values can be set for the following flags in /etc/default/fs. For example: LOCAL=ufs
The default partition for a command if no FSType is specified.
List of default parameters for each file system.
Mount-time attributes for file systems.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWcsu |
Trusted Solaris security policy applies when mounting and unmounting file systems.
Mount-time security attributes may be specified by using mount with the -o or -S option on the command line or by specifying the attributes in the vfstab_adjunct file. Mount-time security attributes override existing security attributes on a file system. However, they never override security attributes on the files and directories within the file system. When access-control decisions are made, security attributes on a file or directory take precedence over security attributes specified either at the filesystem level or at mount time.
Except when merely listing mounted file systems and resources, mount must run with the sys_mount privilege. umount also must run with the sys_mount privilege. To succeed in all cases, mount needs: file_mac_read, file_dac_read, file_mac_write, file_dac_write, file_mac_search, file_dac_search, net_privaddr, proc_setsl, sys_mount, and sys_trans_label.
When mounting a UFS file system, mount should assert the sys_fs_config privilege. Otherwise, the mount succeeds, but logging is not enabled/disabled, errno is set to EPERM, and the user sees an error message.
getfsattr(1M), getmldadorn(1), mount_hsfs(1M), mount_nfs(1M), mount_pcfs(1M), mount_tmpfs(1M), mount_ufs(1M), mountall(1M), setfsattr(1M), priv_desc(4), vfstab(4), vfstab_adjunct(4)
Trusted Solaris Administrator's Procedures
If the directory on which a file system is to be mounted is a symbolic link, the file system is mounted on the directory to which the symbolic link refers, rather than on top of the symbolic link itself.