NAME
bindfs ‐ mount --bind in user-space
SYNOPSIS
bindfs [options] dir mountpoint
DESCRIPTION
A FUSE filesystem for mirroring the contents of a directory to another
directory. Additionally, one can change the permissions of files in the
mirrored directory.
OPTIONS
-h, --help
Displays a help message and exits.
-V, --version
Displays version information and exits.
-u, --user, --owner=user, -o owner=...
Makes all files owned by the specified user. Also causes chown
on the mounted filesystem to always fail.
-g, --group=group, -o group=...
Makes all files owned by the specified group. Also causes chgrp
on the mounted filesystem to always fail.
-p, --perms=permissions, -o perms=...
Takes a comma- or colon-separated list of chmod-like permission
specifications to be applied to the permission bits in order.
See PERMISSION SPECIFICATION below for details.
This only affects how the permission bits of existing files are
altered when shown in the mounted directory. You can use
--create-with-perms to change the permissions newly created
files get in the source directory.
-m, --mirror=users, -o mirror=...
Takes a comma- or colon-separated list of users who will see
themselves as the owners of all files. Users who are not listed
here will still be able to access the mount if the permissions
otherwise allow them to.
You can also give a group name prefixed with an ’@’ to mirror
all members of a group. This will not change which group the
files are shown to have.
-M, --mirror-only=users, -o mirror-only=...
Like --mirror but disallows access for all other users (except
root).
-n, --no-allow-other, -o no-allow-other
Does not add -o allow_other to FUSE options. This causes the
mount to be accessible only by the current user.
FILE CREATION POLICY
New files and directories are created so they are owned by the mounter.
bindfs can let this happen (the default for normal users), or it can
try to change the owner to the uid/gid of the process that wants to
create the file (the default for root). It is also possible to have
bindfs try to change the owner to a particular user or group.
--create-as-user, -o create-as-user
Tries to change the owner and group of new files and directories
to the uid and gid of the caller. This can work only if the
mounter is root. It is also the default behavior (mimicking
mount --bind) if the mounter is root.
--create-as-mounter, -o create-as-mounter
All new files and directories will be owned by the mounter.
This is the default behavior for non-root mounters.
--create-for-user=user, -o create-for-user=...
Tries to change the owner of new files and directories to the
user specified here. This can work only if the mounter is root.
This option overrides the --create-as-user and
--create-as-mounter options.
--create-for-group=group, -o create-for-group=...
Tries to change the owning group of new files and directories to
the group specified here. This can work only if the mounter is
root. This option overrides the --create-as-user and
--create-as-mounter options.
--create-with-perms=permissions, -o create-with-perms=...
Works like --perms but is applied to the permission bits that new
files get in the source directory. Normally the permissions of
new files depend on the creating process’s preferences and
umask. This option can be used to modify those permissions or
override them completely. See PERMISSION SPECIFICATION below
for details.
CHOWN/CHGRP POLICY
The behaviour on chown/chgrp calls can be changed. By default they are
passed through to the source directory even if bindfs is set to show a
fake owner/group. A chown/chgrp call will only succeed if the user has
enough mirrored permissions to chmod the mirrored file AND the mounter
has enough permissions to chmod the real file.
--chown-normal, -o chown-normal
Tries to chown the underlying file. This is the default.
--chown-ignore, -o chown-ignore
Lets chown succeed (if the user has enough mirrored permissions)
but actually does nothing. A combined chown/chgrp is effectively
turned into a chgrp-only request.
--chown-deny, -o chown-deny
Makes chown always fail with a ’permission denied’ error. A
combined chown/chgrp request will fail as well.
--chgrp-normal, -o chgrp-normal
Tries to chgrp the underlying file. This is the default.
--chgrp-ignore, -o chgrp-ignore
Lets chgrp succeed (if the user has enough mirrored permissions)
but actually does nothing. A combined chown/chgrp is effectively
turned into a chown-only request.
--chgrp-deny, -o chgrp-deny
Makes chgrp always fail with a ’permission denied’ error. A
combined chown/chgrp request will fail as well.
CHMOD POLICY
Chmod calls are forwarded to the source directory by default. This may
cause unexpected behaviour if bindfs is altering permission bits.
--chmod-normal, -o chmod-normal
Tries to chmod the underlying file. This will succeed if the
user has the appropriate mirrored permissions to chmod the
mirrored file AND the mounter has enough permissions to chmod
the real file. This is the default (in order to behave like
mount --bind by default).
--chmod-ignore, -o chmod-ignore
Lets chmod succeed (if the user has enough mirrored permissions)
but actually does nothing.
--chmod-deny, -o chmod-deny
Makes chmod always fail with a ’permission denied’ error.
--chmod-allow-x, -o chmod-allow-x
Allows setting and clearing the executable attribute on files
(but not directories). When used with --chmod-ignore, chmods
will only affect execute bits on files and changes to other bits
are discarded. With --chmod-deny, all chmods that would change
any bits except execute bits on files will still fail with a
’permission denied’. This option does nothing with
--chmod-normal.
XATTR POLICY
Extended attributes are mirrored by default, though not all underlying
file systems support xattrs.
--xattr-none, -o xattr-none
Disable extended attributes altogether. All operations will
return ’Operation not supported’.
--xattr-ro, -o xattr-ro
Let extended attributes be read-only.
--xattr-rw, -o xattr-rw
Let extended attributes be read-write (the default). The
read/write permissions are checked against the (possibly
modified) file permissions inside the mount.
TIME-RELATED OPTIONS
Recall that a unix file has three standard timestamps: atime (last
access i.e. read time), mtime (last content modification time) and ctime
(last content or metadata (inode) change time).
It may sometimes be useful to alter these timestamps, but care should
be taken not to cause programs (e.g. backup jobs) to miss important
changes.
--ctime-from-mtime, -o ctime-from-mtime
Reads the ctime of each file and directory from its mtime. In
other words, only content modifications (as opposed to metadata
changes) will be reflected in a mirrored file’s ctime. (The
underlying file’s ctime will still be updated normally.)
FUSE OPTIONS
-o options
Fuse options.
-d, -o debug
Enable debug output (implies -f).
-f Foreground operation.
-s Disable multithreaded operation.
PERMISSION SPECIFICATION
The -p option takes a comma- or colon-separated list of either octal
numeric permission bits or symbolic representations of permission bit
operations. The symbolic representation is based on that of the
chmod(1) command. setuid, setgid and sticky bits are ignored.
This program extends the chmod symbolic representation with the
following operands:
‘D’ (right hand side)
Works like X but applies only to directories (not to executables).
‘d’ and ‘f’ (left hand side)
Makes this directive only apply to directories (d) or files (f).
e.g. gd-w would remove the group write bit from all directories.
‘u’, ‘g’, ‘o’ (right hand side)
Uses the user (u), group (g) or others (o) permission bits of
the original file.
e.g. g=u would copy the user’s permission bits to the group.
ug+o would add the others’ permissions to the owner and group.
Examples
o-rwx Removes all permission bits from others.
g=rD Allows group to read all files and enter all directories, but
nothing else.
0644,a+X
Sets permission bits to 0644 and adds the execute bit for
everyone to all directories and executables.
og-x:og+rD:u=rwX:g+rw
Removes execute bit for others and group, adds read and
directory execute for others and group, sets user permissions to
read, write and execute directory/executable, adds read and
write for group.
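Added example, not part of bindfs or its manual: a small Python evaluator for the permission specification above, for checking which mode bits a -p list will expose before mounting. The name apply_perms and the sample modes are hypothetical; it assumes X tests the original file's execute bits (as the 0644,a+X example implies) and that a clause naming none of u/g/o/a applies to all three classes.

```python
import re
import stat

SHIFT = {"u": 6, "g": 3, "o": 0}
CLAUSE = re.compile(r"([ugoadf]*)([-+=])([rwxXDugo]*)")

def apply_perms(spec, st_mode):
    """Permission bits a bindfs mount would show for a source st_mode."""
    is_dir = stat.S_ISDIR(st_mode)
    original = st_mode & 0o777        # setuid, setgid and sticky are ignored
    shown = original
    for clause in re.split("[,:]", spec):
        if re.fullmatch("[0-7]{1,4}", clause):   # octal clause replaces all bits
            shown = int(clause, 8) & 0o777
            continue
        m = CLAUSE.fullmatch(clause)
        if not m:
            raise ValueError(f"bad permission clause: {clause!r}")
        lhs, op, rhs = m.groups()
        kinds = set(lhs) & {"d", "f"}  # d/f limit the clause to dirs/files
        if (kinds == {"d"} and not is_dir) or (kinds == {"f"} and is_dir):
            continue
        # Assumption: no u/g/o/a on the left means all three classes.
        who = [c for c in "ugo" if c in lhs or "a" in lhs] or list("ugo")
        bits = 0
        for c in rhs:
            if c in "rwx":
                bits |= {"r": 4, "w": 2, "x": 1}[c]
            elif c == "D":             # like X, but directories only
                bits |= 1 if is_dir else 0
            elif c == "X":             # directory, or original file executable
                bits |= 1 if (is_dir or original & 0o111) else 0
            else:                      # u/g/o: that class's bits in the original
                bits |= (original >> SHIFT[c]) & 7
        for c in who:
            if op == "=":
                shown &= ~(7 << SHIFT[c])
            if op == "-":
                shown &= ~(bits << SHIFT[c])
            else:
                shown |= bits << SHIFT[c]
    return shown & 0o777

# Constructed sample source modes: directory, executable, plain file.
SAMPLES = {"dir": stat.S_IFDIR | 0o750, "exe": stat.S_IFREG | 0o755,
           "file": stat.S_IFREG | 0o640}

if __name__ == "__main__":
    for spec in ("0644,a+X", "0000,u=rD", "og-x:og+rD:u=rwX:g+rw"):
        print(spec, {k: oct(apply_perms(spec, m)) for k, m in SAMPLES.items()})
```

Running the evaluator over a sample of real st_mode values from the source directory shows whether a spec leaves group or other bits set that the mount was meant to hide.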
EXAMPLES
bindfs -u www -g nogroup -p 0000,u=rD ~/mywebsite ~/public_html/mysite
Publishes a website in public_html so that only the ’www’ user
can read the site.
bindfs -M foo,bar,1007,@mygroup -p 0600,u+X dir mnt
Gives access to ’foo’, ’bar’, the user with the UID 1007 as well
as everyone in the group ’mygroup’. Sets the permission bits to
0600, thus giving the specified users read/write access, and
adds the user execute bit for directories and executables.
bindfs -ono-allow-other,perms=a-w somedir somedir
Makes a directory read-only and accessible only by the current
user.
bindfs#/home/bob/shared /var/www/shared/bob fuse perms=0000:u+rD 0 0
An example /etc/fstab entry. Note that the colon must be used to
separate arguments to perms, because the comma is an option
separator in /etc/fstab.
NOTES
Setuid and setgid bits have no effect inside the mount. This is a
necessary security feature of FUSE.
BUGS
Please report to the issue tracker on the project home page at
http://code.google.com/p/bindfs/
AUTHOR
Martin Pärtel <martin dot partel at gmail dot com>
SEE ALSO
chmod(1), fusermount(1)