fuse(8)                                               System Manager's Manual                                               fuse(8)

       fuse - configuration and mount options for FUSE file systems

       FUSE (Filesystem in Userspace) is a simple interface for userspace programs to export a virtual filesystem to the Linux ker‐
       nel. FUSE also aims to provide a secure method for non privileged users to create and mount their own filesystem implementa‐

       FUSE   The in-kernel filesystem that forwards requests to a user-space process.

              The user-space process that responds to requests received from the kernel.

              The  shared  library that most (user-space) filesystems use to communicate with FUSE (the kernel filesystem). libfuse
              also provides the fusermount3 (or fusermount if you have older version of libfuse)  helper  to  allow  non-privileged
              users to mount filesystems.

       filesystem owner
              The user that starts the filesystem and instructs the kernel to associate it with a particular mountpoint. The latter
              is typically done by the filesystem itself on start-up. When using libfuse, this is done by calling  the  fusermount3

       client Any process that interacts with the mountpoint.

       Some options regarding mount policy can be set in the file /etc/fuse.conf. Currently these options are:

       mount_max = NNN
              Set the maximum number of FUSE mounts allowed to non-root users. The default is 1000.

              Allow non-root users to specify the allow_other or allow_root mount options (see below).

       These limits are enforced by the fusermount3 helper, so they can be avoided by filesystems that run as root.

       Most  of  the generic mount options described in mount are supported (ro, rw, suid, nosuid, dev, nodev, exec, noexec, atime,
       noatime, sync, async, dirsync). Filesystems are mounted with nodev,nosuid by default, which can  only  be  overridden  by  a
       privileged user.

   General mount options:
       These are FUSE specific mount options that can be specified for all filesystems:

              This  option instructs the kernel to perform its own permission check instead of deferring all permission checking to
              the filesystem. The check by the kernel is done in addition to any permission checks by the filesystem, and both have
              to  succeed  for an operation to be allowed. The kernel performs a standard UNIX permission check (based on mode bits
              and ownership of the directory entry, and uid/gid of the client).

              This mount option is activated implicitly if the filesystem enables ACL support during the initial  feature  negotia‐
              tion when opening the device fd. In this case, the kernel performs both ACL and standard unix permission checking.

              Filesystems that do not implement any permission checking should generally add this option internally.

              This  option  overrides  the security measure restricting file access to the filesystem owner, so that all users (in‐
              cluding root) can access the files.

              Specifies the file mode of the filesystem's root (in octal representation).

       blkdev Mount a filesystem backed by a block device.  This is a privileged option. The device must be specified with the  fs‐
              name=NAME option.

              Set the block size for the filesystem. This option is only valid for 'fuseblk' type mounts. The default is 512.

              In most cases, this option should not be specified by the filesystem owner but set internally by the filesystem.

              With  this  option  the maximum size of read operations can be set. The default is infinite, but typically the kernel
              enforces its own limit in addition to this one. A value of zero corresponds to no limit.

              This option should not be specified by the filesystem owner. The correct (or optimum) value depends on the filesystem
              implementation and should thus be set by the filesystem internally.

              This  mount option is deprecated in favor of direct negotiation over the device fd (as done for e.g. the maximum size
              of write operations). For the time being, libfuse-using filesystems that want to limit the read size  must  therefore
              use this mount option and set the same value again in the init() handler.

       fd=N   The  file  descriptor  to use for communication between the userspace filesystem and the kernel.  The file descriptor
              must have been obtained by opening the FUSE device (/dev/fuse).

              This option should not be specified by the filesystem owner. It is set by libfuse (or, if libfuse is not  used,  must
              be set by the filesystem itself).

              group_id=N Specifies the numeric uid/gid of the mount owner.

              This  option  should not be specified by the filesystem owner. It is set by libfuse (or, if libfuse is not used, must
              be set by the filesystem itself).

              Sets the filesystem source (first field in /etc/mtab). The default is the name of the filesystem process.

              Sets the filesystem type (third field in /etc/mtab). The default is the name of the filesystem process. If the kernel
              supports it, /etc/mtab and /proc/mounts will show the filesystem type as fuse.TYPE

              If  the  kernel  doesn't  support subtypes, the source field will be TYPE#NAME, or if fsname option is not specified,
              just TYPE.

   libfuse-specific mount options:
       These following options are not actually passed to the kernel but interpreted by libfuse. They  can  be  specified  for  all
       filesystems that use libfuse:

              This  option  is similar to allow_other but file access is limited to the filesystem owner and root.  This option and
              allow_other are mutually exclusive.

              This option enables automatic release of the mountpoint  if  filesystem  terminates  for  any  reason.  Normally  the
              filesystem  is  responsible for releasing the mountpoint, which means that the mountpoint becomes inaccessible if the
              filesystem terminates without first unmounting.

              At the moment, this option implies that the filesystem will also be mounted with nodev and nosuid (even when  mounted
              by root). This restriction may be lifted in the future.

   High-level mount options:
       These  following  options  are  not actually passed to the kernel but interpreted by libfuse. They can only be specified for
       filesystems that use the high-level libfuse API:

              This option disables flushing the cache of the file contents on every  open(2).   This  should  only  be  enabled  on
              filesystems,  where  the file data is never changed externally (not through the mounted FUSE filesystem).  Thus it is
              not suitable for network filesystems and other "intermediate" filesystems.

              NOTE: if this option is not specified (and neither direct_io) data is still cached after the open(2),  so  a  read(2)
              system call will not always initiate a read operation.

              This option is an alternative to kernel_cache. Instead of unconditionally keeping cached data, the cached data is in‐
              validated on open(2) if the modification time or the size of the file has changed since it was last opened.

              Override the permission bits in st_mode set by the filesystem. The resulting permission bits  are  the  ones  missing
              from the given umask value.  The value is given in octal representation.

       uid=N  Override the st_uid field set by the filesystem (N is numeric).

       gid=N  Override the st_gid field set by the filesystem (N is numeric).

              The timeout in seconds for which name lookups will be cached. The default is 1.0 second. For all the timeout options,
              it is possible to give fractions of a second as well (e.g. entry_timeout=2.8)

              The timeout in seconds for which a negative lookup will be cached. This means, that if file did not exist (lookup re‐
              turned ENOENT), the lookup will only be redone after the timeout, and the file/directory will be assumed to not exist
              until then.  The default is 0.0 second, meaning that caching negative lookups are disabled.

              The timeout in seconds for which file/directory attributes are cached.  The default is 1.0 second.

              The timeout in seconds for which file attributes are cached for the purpose of checking if  auto_cache  should  flush
              the file data on  open. The default is the value of attr_timeout


              Normally,  libfuse  assigns  inodes to paths only for as long as the kernel is aware of them. With this option inodes
              are instead assigned for at least T seconds (or, in the case of noforget, the life-time of the filesystem). This will
              require more memory, but may be necessary when using applications that make use of inode numbers.

              Add  modules to the filesystem stack.  Modules are pushed in the order they are specified, with the original filesys‐
              tem being on the bottom of the stack.

   mount.fuse3 options:
       These options are interpreted by mount.fuse3 and are thus only available when mounting a file system via  mount.fuse3  (such
       as when mounting via the generic mount(1) command or /etc/fstab). Supported options are:

              Switch  to  USER and its primary group before launching the FUSE file system process. mount.fuse3 must be run as root
              or with CAP_SETUID and CAP_SETGID for this to work.

              Perform setup of the FUSE file descriptor and mounting the file system before launching the FUSE file system process.
              mount.fuse3  requires privilege to do so, i.e. must be run as root or at least with CAP_SYS_ADMIN and CAP_SETPCAP. It
              will launch the file system process fully unprivileged, i.e. without capabilities(7) and prctl(2) flags set  up  such
              that  privileges can't be reacquired (e.g. via setuid or fscaps binaries). This reduces risk in the event of the FUSE
              file system process getting compromised by malicious file system data.

       Modules are filesystem stacking support to high level API. Filesystem modules can be  built  into  libfuse  or  loaded  from
       shared object

       Perform file name character set conversion.  Options are:

              Character set to convert from (see iconv -l for a list of possible values). Default is UTF-8.

              Character set to convert to.  Default is determined by the current locale.

       Prepend a given directory to each path. Options are:

              Directory to prepend to all paths.  This option is mandatory.

              Transform absolute symlinks into relative

              Do not transform absolute symlinks into relative.  This is the default.

       The  fusermount3  program  is installed set-user-gid to fuse. This is done to allow users from fuse group to mount their own
       filesystem implementations.  There must however be some limitations, in order to prevent Bad User from doing  nasty  things.
       Currently those limitations are:

       1.     The user can only mount on a mountpoint, for which it has write permission

       2.     The mountpoint is not a sticky directory which isn't owned by the user (like /tmp usually is)

       3.     No other user (including root) can access the contents of the mounted filesystem.

       FUSE filesystems are unmounted using the fusermount3(1) command (fusermount3 -u mountpoint).

       FUSE is currently maintained by Nikolaus Rath <Nikolaus@rath.org>

       The original author of FUSE is Miklos Szeredi <mszeredi@inf.bme.hu>.

       This man page was originally written by Bastien Roucaries <roucaries.bastien+debian@gmail.com> for the Debian GNU/Linux dis‐

       fusermount3(1) fusermount(1) mount(8) fuse(4)