1.\" Copyright (c) 1994 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software donated to Berkeley by 5.\" Jan-Simon Pendry. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 4. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)mount_union.8 8.6 (Berkeley) 3/27/94 32.\" $FreeBSD$ 33.\" 34.Dd November 30, 2006 35.Dt MOUNT_UNIONFS 8 36.Os 37.Sh NAME 38.Nm mount_unionfs 39.Nd mount union file systems 40.Sh SYNOPSIS 41.Nm 42.Op Fl br 43.Op Fl o Ar options 44.Ar directory 45.Ar uniondir 46.Sh DESCRIPTION 47The 48.Nm 49utility attaches 50.Ar directory 51above 52.Ar uniondir 53in such a way that the contents of both directory trees remain visible. 54By default, 55.Ar directory 56becomes the 57.Em upper 58layer and 59.Ar uniondir 60becomes the 61.Em lower 62layer. 63.Pp 64The options are as follows: 65.Bl -tag -width indent 66.It Fl b 67Deprecated. 68Use 69.Fl o Cm below 70instead. 71.It Fl o 72Options are specified with the 73.Fl o 74flag followed by an option. 75The following options are available: 76.Bl -tag -width indent 77.It Cm below 78Inverts the default position, so that 79.Ar directory 80becomes the lower layer and 81.Ar uniondir 82becomes the upper layer. 83However, 84.Ar uniondir 85remains the mount point. 86.It Sm Cm copymode No = Cm traditional | transparent | masquerade Sm 87Specifies the way to create a file or a directory in the upper layer 88automatically when needed. 89The 90.Cm traditional 91mode 92uses the same way as the old unionfs for backward compatibility, and 93.Cm transparent 94duplicates the file and directory mode bits and the ownership in the 95lower layer to the created file in the upper layer. 96For behavior of the 97.Cm masquerade 98mode, see 99.Sx MASQUERADE MODE 100below. 101.It Sm Cm whiteout No = Cm always | whenneeded Sm 102Specifies whether whiteouts should always be made in the upper layer 103when removing a file or directory or only when it already exists in the 104lower layer. 105.It Cm udir Ns = Ns Ar mode 106Specifies directory mode bits in octal for 107.Cm masquerade 108mode. 109.It Cm ufile Ns = Ns Ar mode 110Specifies file mode bits in octal for 111.Cm masquerade 112mode. 113.It Cm gid Ns = Ns Ar gid 114Specifies group for 115.Cm masquerade 116mode. 117.It Cm uid Ns = Ns Ar uid 118Specifies user for 119.Cm masquerade 120mode. 121.El 122.El 123.Pp 124To enforce file system security, the user mounting a file system 125must be superuser or else have write permission on the mounted-on 126directory. 127In addition, the 128.Va vfs.usermount 129.Xr sysctl 8 130variable must be set to 1 to permit file system mounting by ordinary users. 131However, note that 132.Cm transparent 133and 134.Cm masquerade 135modes require 136.Va vfs.usermount 137to be set to 0 because this functionality can only be used by superusers. 138.Pp 139Filenames are looked up in the upper layer and then in the 140lower layer. 141If a directory is found in the lower layer, and there is no entry 142in the upper layer, then a 143.Em shadow 144directory will be created in the upper layer. 145The ownership and the mode bits are set depending on the 146.Cm copymode 147option. 148In 149.Cm traditional 150mode, it will be owned by the user who originally did the 151union mount, with mode 0777 152.Pq Dq Li rwxrwxrwx 153modified by the umask in effect at that time. 154.Pp 155If a file exists in the upper layer then there is no way to access 156a file with the same name in the lower layer. 157If necessary, a combination of loopback and union mounts can be made 158which will still allow the lower files to be accessed by a different 159pathname. 160.Pp 161Except in the case of a directory, 162access to an object is granted via the normal file system access checks. 163For directories, the current user must have access to both the upper 164and lower directories (should they both exist). 165.Pp 166Requests to create or modify objects in 167.Ar uniondir 168are passed to the upper layer with the exception of a few special cases. 169An attempt to open for writing a file which exists in the lower layer 170causes a copy of the 171.Em entire 172file to be made to the upper layer, and then for the upper layer copy 173to be opened. 174Similarly, an attempt to truncate a lower layer file to zero length 175causes an empty file to be created in the upper layer. 176Any other operation which would ultimately require modification to 177the lower layer fails with 178.Er EROFS . 179.Pp 180The union file system manipulates the namespace, rather than 181individual file systems. 182The union operation applies recursively down the directory tree 183now rooted at 184.Ar uniondir . 185Thus any file systems which are mounted under 186.Ar uniondir 187will take part in the union operation. 188This differs from the 189.Cm union 190option to 191.Xr mount 8 192which only applies the union operation to the mount point itself, 193and then only for lookups. 194.Sh MASQUERADE MODE 195When a file 196(or a directory) 197is created in the upper layer, the 198.Cm masquerade 199mode sets it the fixed access mode bits given in 200.Cm ufile 201(for files) 202or 203.Cm udir 204(for directories) 205option and the owner given in 206.Cm udir 207and 208.Cm gid 209options, instead of ones in the lower layer. 210Note that in the 211.Cm masquerade 212mode and when owner of the file or directory matches 213one specified in 214.Cm uid 215option, only mode bits for the owner will be modified. 216More specifically, the file mode bits in the upper layer will 217be 218(mode in the lower layer) 219OR 220(mode given in 221.Cm ufile 222AND 0700), and the ownership will be the same as one in the lower layer. 223.Pp 224The default values for 225.Cm ufile , udir , uid , 226and 227.Cm gid 228are as follow: 229.Pp 230.Bl -bullet -compact 231.It 232If none of 233.Cm ufile 234and 235.Cm udir 236were specified, access mode bits in the mount point will be used. 237.It 238If none of 239.Cm uid 240and 241.Cm gid 242were specified, ownership in the mount point will be used. 243.It 244If one of 245.Cm udir 246or 247.Cm ufile 248is not specified, the value of the other option will be used. 249.It 250If one of 251.Cm uid 252or 253.Cm gid 254is not specified, the value of the other option will be used. 255.El 256.Sh EXAMPLES 257The commands 258.Bd -literal -offset indent 259mount -t cd9660 -o ro /dev/cd0 /usr/src 260mount -t unionfs -o noatime /var/obj /usr/src 261.Ed 262.Pp 263mount the CD-ROM drive 264.Pa /dev/cd0 265on 266.Pa /usr/src 267and then attaches 268.Pa /var/obj 269on top. 270For most purposes the effect of this is to make the 271source tree appear writable 272even though it is stored on a CD-ROM. 273The 274.Fl o Cm noatime 275option is useful to avoid unnecessary copying from the lower to the 276upper layer. 277.Pp 278The commands 279.Bd -literal -offset indent 280mount -t cd9660 -o ro /dev/cd0 /usr/src 281chown 2020 /usr/src 282mount -t unionfs -o noatime -o copymode=masquerade -o uid=builder \\ 283 -o udir=755 -o ufile=644 /var/obj /usr/src 284.Ed 285.Pp 286also mount the CD-ROM drive 287.Pa /dev/cd0 288on 289.Pa /usr/src 290and then attaches 291.Pa /var/obj 292on top. 293Furthermore, the owner of all files and directories in 294.Pa /usr/src 295is a regular user with UID 2020 296when seen from the upper layer. 297Note that for the access mode bits, 298ones in the lower layer 299(on the CD-ROM, in this example) 300are still used without change. 301Thus, write privilege to the upper layer can be controlled 302independently from access mode bits and ownership in the lower layer. 303If a user does not have read privilege from the lower layer, 304one cannot still read even when the upper layer is mounted by using 305.Cm masquerade 306mode. 307.Pp 308The command 309.Bd -literal -offset indent 310mount -t unionfs -o noatime -o below /sys $HOME/sys 311.Ed 312.Pp 313attaches the system source tree below the 314.Pa sys 315directory in the user's home directory. 316This allows individual users to make private changes 317to the source, and build new kernels, without those 318changes becoming visible to other users. 319Note that the files in the lower layer remain 320accessible via 321.Pa /sys . 322.Sh SEE ALSO 323.Xr intro 2 , 324.Xr mount 2 , 325.Xr unmount 2 , 326.Xr fstab 5 , 327.Xr mount 8 , 328.Xr mount_nullfs 8 329.Sh HISTORY 330The 331.Nm 332utility first appeared in 333.Bx 4.4 . 334.Pp 335The 336.Fl r 337option for hiding the lower layer completely was removed in 338.Fx 7.0 339because this is identical to using 340.Xr mount_nullfs 8 . 341.Sh AUTHORS 342.An -nosplit 343In 344.Fx 7.0 , 345.An Masanori OZAWA Aq ozawa@ongs.co.jp 346reimplemented handling of locking, whiteout, and file mode bits, and 347.An Hiroki Sato Aq hrs@FreeBSD.org 348wrote about the changes in this manual page. 349.Sh BUGS 350THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK) 351AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM. 352USE AT YOUR 353OWN RISK. 354BEWARE OF DOG. 355SLIPPERY WHEN WET. 356.Pp 357This code also needs an owner in order to be less dangerous - serious 358hackers can apply by sending mail to 359.Aq freebsd-fs@FreeBSD.org 360and announcing 361their intent to take it over. 362.Pp 363Without whiteout support from the file system backing the upper layer, 364there is no way that delete and rename operations on lower layer 365objects can be done. 366.Er EROFS 367is returned for this kind of operations along with any others 368which would make modifications to the lower layer, such as 369.Xr chmod 1 . 370.Pp 371Running 372.Xr find 1 373over a union tree has the side-effect of creating 374a tree of shadow directories in the upper layer. 375.Pp 376The current implementation does not support copying extended attributes 377for 378.Xr acl 9 , 379.Xr mac 9 , 380or so on to the upper layer. 381Note that this may be a security issue. 382.Pp 383A shadow directory, which is one automatically created in the upper 384layer when it exists in the lower layer and does not exist in the 385upper layer, is always created with the superuser privilege. 386However, a file copied from the lower layer in the same way 387is created by the user who accessed it. 388Because of this, 389if the user is not the superuser, even in 390.Cm transparent 391mode the access mode bits in the copied file in the upper layer 392will not always be the same as ones in the lower layer. 393This behavior should be fixed. 394