File: bindfs.1

package info (click to toggle)
bindfs 1.8-1
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 1,504 kB
  • ctags: 148
  • sloc: sh: 8,955; ansic: 1,388; ruby: 120; makefile: 56
file content (246 lines) | stat: -rw-r--r-- 7,880 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
.TH BINDFS 1

.SH NAME
bindfs \(hy mount \-\-bind in user\-space

.SH SYNOPSIS
\fBbindfs\fP [\fIoptions\fP]\fI dir mountpoint

.SH DESCRIPTION
A FUSE filesystem for mirroring the contents of a directory to another
directory. Additionally, one can change the permissions
of files in the mirrored directory.

.SH OPTIONS
.TP
.B \-h, \-\-help
Displays a help message and exits.

.TP
.B \-V, \-\-version
Displays version information and exits.

.TP
.B \-u, \-\-user, \-\-owner=\fIuser\fP, \-o owner=...
Makes all files owned by the specified user.
Also causes chown on the mounted filesystem to always fail.

.TP
.B \-g, \-\-group=\fIgroup\fP, \-o group=...
Makes all files owned by the specified group.
Also causes chgrp on the mounted filesystem to always fail.

.TP
.B \-p, \-\-perms=\fIpermissions\fP, \-o perms=...
Takes a comma\- or colon\-separated list of chmod\-like permission
specifications to be applied to the permission bits in order.
See \fB\%PERMISSION \%SPECIFICATION\fP below for details.

This only affects how the permission bits of existing files are altered
when shown in the mounted directory. You can use \-\-create\-with\-perms to
change the permissions newly created files get in the source directory.

.TP
.B \-m, \-\-mirror=\fIusers\fP, \-o mirror=...
Takes a comma\- or colon\-separated list of users who will see themselves as
the owners of all files. Users who are not listed here will still be able
to access the mount if the permissions otherwise allow them to.

You can also give a group name prefixed with an '@' to mirror all members of
a group. This will not change which group the files are shown to have.

.TP
.B \-M, \-\-mirror\-only=\fIusers\fP, \-o mirror\-only=...
Like \fB\-\-mirror\fP but disallows access for all other users (except root).

.TP
.B \-n, \-\-no\-allow\-other, \-o no\-allow\-other
Does not add \fB\-o allow_other\fP to FUSE options.
This causes the mount to be accessible only by the current user.

.SH FILE CREATION POLICY
New files and directories are created so they are owned by the mounter.
bindfs can let this happen (the default for normal users),
or it can try to change the owner to the uid/gid of the process that
wants to create the file (the default for root).  It is also possible to
force bindfs to try to change the owner to a particular user or group.

.TP
.B \-\-create\-as\-user, \-o create\-as\-user
Tries to change the owner and group of new files and directories to the
uid and gid of the caller. This can work only if the mounter is root.
It is also the default behavior (mimicing mount \-\-bind) if the mounter is root.

.TP
.B \-\-create\-as\-mounter, \-o create\-as\-mounter
All new files and directories will be owned by the mounter.
This is the default behavior for non\-root mounters.

.TP
.B \-\-create\-for\-user=\fIuser\fP, \-o create\-for\-user=...
Tries to change the owner of new files and directories to the user
specified here.  This can work only if the mounter is root.  This
option overrides the \-\-create\-as\-user and \-\-create\-as\-mounter options.

.TP
.B \-\-create\-for\-group=\fIgroup\fP, \-o create\-for\-group=...
Tries to change the owning group of new files and directories to the 
group specified here.  This can work only if the mounter is root.  This
option overrides the \-\-create\-as\-user and \-\-create\-as\-mounter options.

.TP
.B \-\-create\-with\-perms=\fIpermissions\fP, \-o create\-with\-perms=...
Works like \-\-perms but is applied to the permission bits of new files
get in the source directory.
Normally the permissions of new files depend on the creating process's
preferences and umask.
This option can be used to modify those permissions or override
them completely.
See \fB\%PERMISSION \%SPECIFICATION\fP below for details.


.SH CHMOD POLICY
Chmod calls are forwarded to the source directory by default.
This may cause unexpected behaviour if bindfs is altering permission bits.
Note that regardless of the options given below, if the \fB\-u\fP and \fB\-g\fP
options are given then chown and chgrp respectively will always fail.

.TP
.B \-\-chmod\-normal, \-o chmod\-normal
Tries to chmod the underlying file. This will succeed if the user has
the appropriate mirrored permissions to chmod the mirrored file AND
the mounter has enough permissions to chmod the real file.
This is the default (in order to behave like mount \-\-bind by default).

.TP
.B \-\-chmod\-ignore, \-o chmod\-ignore
Lets chmod succeed (if the user has enough mirrored permissions)
but actually does nothing.

.TP
.B \-\-chmod\-deny, \-o chmod\-deny
Has chmod always fail with a 'permission denied' error.

.SH XATTR POLICY
Extended attributes are read\-only by default.

.TP
.B \-\-xattr\-none, \-o xattr\-none
Disable extended attributes altogether. All operations will
return 'Operation not supported'.

.TP
.B \-\-xattr\-ro, \-o xattr\-ro
Let extended attributes be read\-only (the default).

.TP
.B \-\-xattr\-rw, \-o xattr\-rw
Let extended attributes be read\-write. The read/write permissions are
checked against the permission bits in the mounted file system.

.SH FUSE OPTIONS
.TP
.B \-o \fIoptions
Fuse options.

.TP
.B \-d, \-o debug
Enable debug output (implies \-f).

.TP
.B \-f
Foreground operation.

.TP
.B \-s
Disable multithreaded operation.


.SH PERMISSION SPECIFICATION
The \fB\-p\fP option takes a comma\- or colon\-separated list of either octal
numeric permission bits or symbolic representations of permission bit
operations.
The symbolic representation is based on that of the  \fBchmod\fP(1) command.
setuid, setgid and sticky bits are ignored.

This program extends the chmod symbolic representation with the following
operands:

`\fBD\fP' (right hand side)
    Works like \fBX\fP but applies only to directories (not to executables).

`\fBd\fP' and `\fBf\fP' (left hand side)
    Makes this directive only apply to directories (d) or files (f).
    e.g. \fBgd\-w\fP would remove the group write bit from all directories.

`\fBu\fP', `\fBg\fP', `\fBo\fP' (right hand side)
    Uses the user (u), group (g) or others (o) permission bits of
    the original file.
    e.g. \fBg=u\fP would copy the user's permission bits to the group.
         \fBug+o\fP would add the others' permissions to the owner and group.


.I Examples
.TP
.B o\-rwx
Removes all permission bits from others.

.TP
.B g=rD
Allows group to read all files and enter all directories, but nothing else.

.TP
.B 0644,a+X
Sets permission bits to 0644 and adds the execute bit for everyone
to all directories and executables.

.TP
.B og\-x:og+rD:u=rwX:g+rw
Removes execute bit for others and group,
adds read and directory execute for others and group,
sets user permissions to read, write and execute directory/executable,
adds read and write for group.


.SH EXAMPLES
.BR
.TP
.B bindfs \-u www \-g nogroup \-p 0000,u=rD ~/mywebsite ~/public_html/mysite

Publishes a website in public_html so that only the 'www' user can
read the site.

.TP
.B bindfs \-M foo,bar,1007,@mygroup \-p 0600,u+X dir mnt

Gives access to 'foo', 'bar', the user with the UID 1007 as well as
everyone in the group 'mygroup'. Sets the permission bits to 0600,
thus giving the specified users read/write access,
and adds the user execute bit for directories and executables.

.TP
.B bindfs \-ono\-allow\-other,perms=a\-w somedir somedir

Makes a directory read\-only and accessable only by the current user.

.TP
.B bindfs#/home/bob/shared /var/www/shared/bob  fuse  perms=0000:u+rD   0   0

An example \fI/etc/fstab\fP entry. Note that the colon must be used to
separate arguments to perms, because the comma is an option separator in
\fI/etc/fstab\fP.

.SH NOTES

Setuid and setgid bits have no effect inside the mount.
This is a necessary security feature of FUSE.

.SH BUGS

Please report.

.SH AUTHOR
Martin P\[:a]rtel <martin dot partel at gmail dot com>

.SH SEE ALSO
\fBchmod\fP(1), \fBfusermount\fP(1)