1.\" Copyright (c) 1994 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" This code is derived from software donated to Berkeley by 5.\" Jan-Simon Pendry. 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 4. Neither the name of the University nor the names of its contributors 16.\" may be used to endorse or promote products derived from this software 17.\" without specific prior written permission. 18.\" 19.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" 31.\" @(#)mount_union.8 8.6 (Berkeley) 3/27/94 32.\" $FreeBSD$ 33.\" 34.Dd November 30, 2006 35.Dt MOUNT_UNIONFS 8 36.Os 37.Sh NAME 38.Nm mount_unionfs 39.Nd mount union file systems 40.Sh SYNOPSIS 41.Nm 42.Op Fl br 43.Op Fl o Ar options 44.Ar directory 45.Ar uniondir 46.Sh DESCRIPTION 47The 48.Nm 49utility attaches 50.Ar directory 51above 52.Ar uniondir 53in such a way that the contents of both directory trees remain visible. 54By default, 55.Ar directory 56becomes the 57.Em upper 58layer and 59.Ar uniondir 60becomes the 61.Em lower 62layer. 63.Pp 64The options are as follows: 65.Bl -tag -width indent 66.It Fl b 67Deprecated. 68Use 69.Fl o Cm below 70instead. 71.It Fl o 72Options are specified with the 73.Fl o 74flag followed by an option. 75The following options are available: 76.Bl -tag -width indent 77.It Cm below 78Inverts the default position, so that 79.Ar directory 80becomes the lower layer and 81.Ar uniondir 82becomes the upper layer. 83However, 84.Ar uniondir 85remains the mount point. 86.It Sm Cm copymode No = Cm traditional | transparent | masquerade Sm 87Specifies the way to create a file or a directory in the upper layer 88automatically when needed. 89The 90.Cm traditional 91mode 92uses the same way as the old unionfs for backward compatibility, and 93.Cm transparent 94duplicates the file and directory mode bits and the ownership in the 95lower layer to the created file in the upper layer. 96For behavior of the 97.Cm masquerade 98mode, see 99.Sx MASQUERADE MODE 100below. 101.It Cm udir Ns = Ns Ar mode 102Specifies directory mode bits in octal for 103.Cm masquerade 104mode. 105.It Cm ufile Ns = Ns Ar mode 106Specifies file mode bits in octal for 107.Cm masquerade 108mode. 109.It Cm gid Ns = Ns Ar gid 110Specifies group for 111.Cm masquerade 112mode. 113.It Cm uid Ns = Ns Ar uid 114Specifies user for 115.Cm masquerade 116mode. 117.El 118.El 119.Pp 120To enforce file system security, the user mounting a file system 121must be superuser or else have write permission on the mounted-on 122directory. 123In addition, the 124.Va vfs.usermount 125.Xr sysctl 8 126variable must be set to 1 to permit file system mounting by ordinary users. 127However, note that 128.Cm transparent 129and 130.Cm masquerade 131modes require 132.Va vfs.usermount 133to be set to 0 because this functionality can only be used by superusers. 134.Pp 135Filenames are looked up in the upper layer and then in the 136lower layer. 137If a directory is found in the lower layer, and there is no entry 138in the upper layer, then a 139.Em shadow 140directory will be created in the upper layer. 141The ownership and the mode bits are set depending on the 142.Cm copymode 143option. 144In 145.Cm traditional 146mode, it will be owned by the user who originally did the 147union mount, with mode 0777 148.Pq Dq Li rwxrwxrwx 149modified by the umask in effect at that time. 150.Pp 151If a file exists in the upper layer then there is no way to access 152a file with the same name in the lower layer. 153If necessary, a combination of loopback and union mounts can be made 154which will still allow the lower files to be accessed by a different 155pathname. 156.Pp 157Except in the case of a directory, 158access to an object is granted via the normal file system access checks. 159For directories, the current user must have access to both the upper 160and lower directories (should they both exist). 161.Pp 162Requests to create or modify objects in 163.Ar uniondir 164are passed to the upper layer with the exception of a few special cases. 165An attempt to open for writing a file which exists in the lower layer 166causes a copy of the 167.Em entire 168file to be made to the upper layer, and then for the upper layer copy 169to be opened. 170Similarly, an attempt to truncate a lower layer file to zero length 171causes an empty file to be created in the upper layer. 172Any other operation which would ultimately require modification to 173the lower layer fails with 174.Er EROFS . 175.Pp 176The union file system manipulates the namespace, rather than 177individual file systems. 178The union operation applies recursively down the directory tree 179now rooted at 180.Ar uniondir . 181Thus any file systems which are mounted under 182.Ar uniondir 183will take part in the union operation. 184This differs from the 185.Cm union 186option to 187.Xr mount 8 188which only applies the union operation to the mount point itself, 189and then only for lookups. 190.Sh MASQUERADE MODE 191When a file 192(or a directory) 193is created in the upper layer, the 194.Cm masquerade 195mode sets it the fixed access mode bits given in 196.Cm ufile 197(for files) 198or 199.Cm udir 200(for directories) 201option and the owner given in 202.Cm udir 203and 204.Cm gid 205options, instead of ones in the lower layer. 206Note that in the 207.Cm masquerade 208mode and when owner of the file or directory matches 209one specified in 210.Cm uid 211option, only mode bits for the owner will be modified. 212More specifically, the file mode bits in the upper layer will 213be 214(mode in the lower layer) 215OR 216(mode given in 217.Cm ufile 218AND 0700), and the ownership will be the same as one in the lower layer. 219.Pp 220The default values for 221.Cm ufile , udir , uid , 222and 223.Cm gid 224are as follow: 225.Pp 226.Bl -bullet -compact 227.It 228If none of 229.Cm ufile 230and 231.Cm udir 232were specified, access mode bits in the mount point will be used. 233.It 234If none of 235.Cm uid 236and 237.Cm gid 238were specified, ownership in the mount point will be used. 239.It 240If one of 241.Cm udir 242or 243.Cm ufile 244is not specified, the value of the other option will be used. 245.It 246If one of 247.Cm uid 248or 249.Cm gid 250is not specified, the value of the other option will be used. 251.El 252.Sh EXAMPLES 253The commands 254.Bd -literal -offset indent 255mount -t cd9660 -o ro /dev/cd0 /usr/src 256mount -t unionfs -o noatime /var/obj /usr/src 257.Ed 258.Pp 259mount the CD-ROM drive 260.Pa /dev/cd0 261on 262.Pa /usr/src 263and then attaches 264.Pa /var/obj 265on top. 266For most purposes the effect of this is to make the 267source tree appear writable 268even though it is stored on a CD-ROM. 269The 270.Fl o Cm noatime 271option is useful to avoid unnecessary copying from the lower to the 272upper layer. 273.Pp 274The commands 275.Bd -literal -offset indent 276mount -t cd9660 -o ro /dev/cd0 /usr/src 277chown 2020 /usr/src 278mount -t unionfs -o noatime -o copymode=masquerade -o uid=builder \\ 279 -o udir=755 -o ufile=644 /var/obj /usr/src 280.Ed 281.Pp 282also mount the CD-ROM drive 283.Pa /dev/cd0 284on 285.Pa /usr/src 286and then attaches 287.Pa /var/obj 288on top. 289Furthermore, the owner of all files and directories in 290.Pa /usr/src 291is a regular user with UID 2020 292when seen from the upper layer. 293Note that for the access mode bits, 294ones in the lower layer 295(on the CD-ROM, in this example) 296are still used without change. 297Thus, write privilege to the upper layer can be controlled 298independently from access mode bits and ownership in the lower layer. 299If a user does not have read privilege from the lower layer, 300one cannot still read even when the upper layer is mounted by using 301.Cm masquerade 302mode. 303.Pp 304The command 305.Bd -literal -offset indent 306mount -t unionfs -o noatime -o below /sys $HOME/sys 307.Ed 308.Pp 309attaches the system source tree below the 310.Pa sys 311directory in the user's home directory. 312This allows individual users to make private changes 313to the source, and build new kernels, without those 314changes becoming visible to other users. 315Note that the files in the lower layer remain 316accessible via 317.Pa /sys . 318.Sh SEE ALSO 319.Xr intro 2 , 320.Xr mount 2 , 321.Xr unmount 2 , 322.Xr fstab 5 , 323.Xr mount 8 , 324.Xr mount_nullfs 8 325.Sh HISTORY 326The 327.Nm 328utility first appeared in 329.Bx 4.4 . 330.Pp 331The 332.Fl r 333option for hiding the lower layer completely was removed in 334.Fx 7.0 335because this is identical to using 336.Xr mount_nullfs 8 . 337.Sh AUTHORS 338.An -nosplit 339In 340.Fx 7.0 , 341.An Masanori OZAWA Aq ozawa@ongs.co.jp 342reimplemented handling of locking, whiteout, and file mode bits, and 343.An Hiroki Sato Aq hrs@FreeBSD.org 344wrote about the changes in this manual page. 345.Sh BUGS 346THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK) 347AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM. 348USE AT YOUR 349OWN RISK. 350BEWARE OF DOG. 351SLIPPERY WHEN WET. 352.Pp 353This code also needs an owner in order to be less dangerous - serious 354hackers can apply by sending mail to 355.Aq freebsd-fs@FreeBSD.org 356and announcing 357their intent to take it over. 358.Pp 359Without whiteout support from the file system backing the upper layer, 360there is no way that delete and rename operations on lower layer 361objects can be done. 362.Er EROFS 363is returned for this kind of operations along with any others 364which would make modifications to the lower layer, such as 365.Xr chmod 1 . 366.Pp 367Running 368.Xr find 1 369over a union tree has the side-effect of creating 370a tree of shadow directories in the upper layer. 371.Pp 372The current implementation does not support copying extended attributes 373for 374.Xr acl 9 , 375.Xr mac 9 , 376or so on to the upper layer. 377Note that this may be a security issue. 378.Pp 379A shadow directory, which is one automatically created in the upper 380layer when it exists in the lower layer and does not exist in the 381upper layer, is always created with the superuser privilege. 382However, a file copied from the lower layer in the same way 383is created by the user who accessed it. 384Because of this, 385if the user is not the superuser, even in 386.Cm transparent 387mode the access mode bits in the copied file in the upper layer 388will not always be the same as ones in the lower layer. 389This behavior should be fixed. 390