.\" Copyright (c) 1994
.\" The Regents of the University of California.  All rights reserved.
.\"
.\" This code is derived from software donated to Berkeley by
.\" Jan-Simon Pendry.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	@(#)mount_union.8	8.6 (Berkeley) 3/27/94
.\" $FreeBSD$
.\"
.Dd November 30, 2006
.Dt MOUNT_UNIONFS 8
.Os
.Sh NAME
.Nm mount_unionfs
.Nd mount union file systems
.Sh SYNOPSIS
.Nm
.Op Fl b
.Op Fl o Ar options
.Ar directory
.Ar uniondir
.Sh DESCRIPTION
The
.Nm
utility attaches
.Ar directory
above
.Ar uniondir
in such a way that the contents of both directory trees remain visible.
By default,
.Ar directory
becomes the
.Em upper
layer and
.Ar uniondir
becomes the
.Em lower
layer.
.Pp
The options are as follows:
.Bl -tag -width indent
.It Fl b
Deprecated.
Use
.Fl o Cm below
instead.
.It Fl o
Options are specified with the
.Fl o
flag followed by an option.
The following options are available:
.Bl -tag -width indent
.It Cm below
Inverts the default position, so that
.Ar directory
becomes the lower layer and
.Ar uniondir
becomes the upper layer.
However,
.Ar uniondir
remains the mount point.
.It Cm copymode No = Cm traditional | transparent | masquerade
Specifies the way to create a file or a directory in the upper layer
automatically when needed.
The
.Cm traditional
mode
behaves the same way as the old unionfs for backward compatibility, and
.Cm transparent
duplicates the file and directory mode bits and the ownership in the
lower layer to the created file in the upper layer.
For behavior of the
.Cm masquerade
mode, see
.Sx MASQUERADE MODE
below.
.It Cm whiteout No = Cm always | whenneeded
Specifies whether whiteouts should always be made in the upper layer
when removing a file or directory or only when it already exists in the
lower layer.
.It Cm udir Ns = Ns Ar mode
Specifies directory mode bits in octal for
.Cm masquerade
mode.
.It Cm ufile Ns = Ns Ar mode
Specifies file mode bits in octal for
.Cm masquerade
mode.
.It Cm gid Ns = Ns Ar gid
Specifies group for
.Cm masquerade
mode.
.It Cm uid Ns = Ns Ar uid
Specifies user for
.Cm masquerade
mode.
.El
.El
.Pp
To enforce file system security, the user mounting a file system
must be superuser or else have write permission on the mounted-on
directory.
In addition, the
.Va vfs.usermount
.Xr sysctl 8
variable must be set to 1 to permit file system mounting by ordinary users.
However, note that
.Cm transparent
and
.Cm masquerade
modes require
.Va vfs.usermount
to be set to 0 because this functionality can only be used by superusers.
.Pp
Filenames are looked up in the upper layer and then in the
lower layer.
If a directory is found in the lower layer, and there is no entry
in the upper layer, then a
.Em shadow
directory will be created in the upper layer.
The ownership and the mode bits are set depending on the
.Cm copymode
option.
In
.Cm traditional
mode, it will be owned by the user who originally did the
union mount, with mode 0777
.Pq Dq Li rwxrwxrwx
modified by the umask in effect at that time.
.Pp
If a file exists in the upper layer then there is no way to access
a file with the same name in the lower layer.
If necessary, a combination of loopback and union mounts can be made
which will still allow the lower files to be accessed by a different
pathname.
.Pp
Except in the case of a directory,
access to an object is granted via the normal file system access checks.
For directories, the current user must have access to both the upper
and lower directories (should they both exist).
.Pp
Requests to create or modify objects in
.Ar uniondir
are passed to the upper layer with the exception of a few special cases.
An attempt to open for writing a file which exists in the lower layer
causes a copy of the
.Em entire
file to be made in the upper layer, and the upper layer copy
is then opened.
Similarly, an attempt to truncate a lower layer file to zero length
causes an empty file to be created in the upper layer.
Any other operation which would ultimately require modification to
the lower layer fails with
.Er EROFS .
.Pp
The union file system manipulates the namespace, rather than
individual file systems.
The union operation applies recursively down the directory tree
now rooted at
.Ar uniondir .
Thus any file systems which are mounted under
.Ar uniondir
will take part in the union operation.
This differs from the
.Cm union
option to
.Xr mount 8
which only applies the union operation to the mount point itself,
and then only for lookups.
.Sh MASQUERADE MODE
When a file
(or a directory)
is created in the upper layer, the
.Cm masquerade
mode gives it the fixed access mode bits specified by the
.Cm ufile
(for files)
or
.Cm udir
(for directories)
option and the owner specified by the
.Cm uid
and
.Cm gid
options, instead of the ones in the lower layer.
Note that in
.Cm masquerade
mode, when the owner of the file or directory matches
the one specified by the
.Cm uid
option, only the mode bits for the owner will be modified.
More specifically, the file mode bits in the upper layer will
be
(mode in the lower layer)
OR
(mode given in
.Cm ufile
AND 0700), and the ownership will be the same as in the lower layer.
.Pp
The default values for
.Cm ufile , udir , uid ,
and
.Cm gid
are as follows:
.Pp
.Bl -bullet -compact
.It
If neither
.Cm ufile
nor
.Cm udir
is specified, the access mode bits of the mount point will be used.
.It
If neither
.Cm uid
nor
.Cm gid
is specified, the ownership of the mount point will be used.
.It
If one of
.Cm udir
or
.Cm ufile
is not specified, the value of the other option will be used.
.It
If one of
.Cm uid
or
.Cm gid
is not specified, the value of the other option will be used.
.El
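.Pp
The mode and ownership rules of this section, modelled in C as an added example (it is not part of the original manual page and is not the kernel's code).
It follows the formula and the default rules as stated above; using udir for directories in the owner-match case, the UNSET sentinel, the struct and function names, and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#define UNSET (-1L)  /* constructed sentinel: option not given with -o */

struct masq_opts  { long ufile, udir, uid, gid; };   /* -o values or UNSET */
struct file_attrs { mode_t mode; uid_t uid; gid_t gid; int is_dir; };

/* Apply the four default rules listed above; mp describes the mount point. */
static void resolve_defaults(struct masq_opts *o, const struct file_attrs *mp)
{
    if (o->ufile == UNSET && o->udir == UNSET)
        o->ufile = o->udir = mp->mode & 0777;
    else if (o->ufile == UNSET)
        o->ufile = o->udir;
    else if (o->udir == UNSET)
        o->udir = o->ufile;
    if (o->uid == UNSET && o->gid == UNSET) {
        o->uid = mp->uid; o->gid = mp->gid;
    } else if (o->uid == UNSET)
        o->uid = o->gid;
    else if (o->gid == UNSET)
        o->gid = o->uid;
}

/* Attributes of the object created in the upper layer for `lower`. */
static struct file_attrs masquerade(const struct masq_opts *o, const struct file_attrs *lower)
{
    struct file_attrs up = *lower;
    mode_t fixed = (mode_t)(lower->is_dir ? o->udir : o->ufile);
    if ((long)lower->uid == o->uid) {
        up.mode = lower->mode | (fixed & 0700); /* owner bits only; owner kept */
    } else {
        up.mode = fixed;            /* fixed bits and the configured owner */
        up.uid = (uid_t)o->uid;
        up.gid = (gid_t)o->gid;
    }
    return up;
}

int main(void)
{
    /* Constructed sample: 0755 root-owned mount point, builder assumed UID 2020. */
    struct file_attrs mp = { 0755, 0, 0, 1 }, mine = { 0444, 2020, 0, 0 };
    struct file_attrs other = { 0600, 0, 0, 0 };
    struct masq_opts o = { 0644, 0755, 2020, UNSET };
    resolve_defaults(&o, &mp);
    struct file_attrs a = masquerade(&o, &mine), b = masquerade(&o, &other);
    printf("%04o uid=%u | %04o uid=%u gid=%u\n", (unsigned)a.mode, (unsigned)a.uid,
           (unsigned)b.mode, (unsigned)b.uid, (unsigned)b.gid);
    return 0;
}
```

With these constructed values the builder-owned 0444 file only gains owner write (0644), while the root-owned 0600 file is created in the upper layer as 0644 owned by 2020:2020, so the mount options, not the lower layer, decide who can use the upper copy.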
.Sh EXAMPLES
The commands
.Bd -literal -offset indent
mount -t cd9660 -o ro /dev/cd0 /usr/src
mount -t unionfs -o noatime /var/obj /usr/src
.Ed
.Pp
mount the CD-ROM drive
.Pa /dev/cd0
on
.Pa /usr/src
and then attach
.Pa /var/obj
on top.
For most purposes the effect of this is to make the
source tree appear writable
even though it is stored on a CD-ROM.
The
.Fl o Cm noatime
option is useful to avoid unnecessary copying from the lower to the
upper layer.
.Pp
The commands
.Bd -literal -offset indent
mount -t cd9660 -o ro /dev/cd0 /usr/src
chown 2020 /usr/src
mount -t unionfs -o noatime -o copymode=masquerade -o uid=builder \\
    -o udir=755 -o ufile=644 /var/obj /usr/src
.Ed
.Pp
also mount the CD-ROM drive
.Pa /dev/cd0
on
.Pa /usr/src
and then attach
.Pa /var/obj
on top.
Furthermore, the owner of all files and directories in
.Pa /usr/src
is a regular user with UID 2020
when seen from the upper layer.
Note that for the access mode bits,
the ones in the lower layer
(on the CD-ROM, in this example)
are still used without change.
Thus, write privilege to the upper layer can be controlled
independently from access mode bits and ownership in the lower layer.
If a user does not have read privilege in the lower layer,
that user still cannot read the file, even when the upper layer is mounted using
.Cm masquerade
mode.
.Pp
The command
.Bd -literal -offset indent
mount -t unionfs -o noatime -o below /sys $HOME/sys
.Ed
.Pp
attaches the system source tree below the
.Pa sys
directory in the user's home directory.
This allows individual users to make private changes
to the source, and build new kernels, without those
changes becoming visible to other users.
Note that the files in the lower layer remain
accessible via
.Pa /sys .
.Sh SEE ALSO
.Xr intro 2 ,
.Xr mount 2 ,
.Xr unmount 2 ,
.Xr fstab 5 ,
.Xr mount 8 ,
.Xr mount_nullfs 8
.Sh HISTORY
The
.Nm
utility first appeared in
.Bx 4.4 .
.Pp
The
.Fl r
option for hiding the lower layer completely was removed in
.Fx 7.0
because this is identical to using
.Xr mount_nullfs 8 .
.Sh AUTHORS
.An -nosplit
In
.Fx 7.0 ,
.An Masanori OZAWA Aq Mt ozawa@ongs.co.jp
reimplemented handling of locking, whiteout, and file mode bits, and
.An Hiroki Sato Aq Mt hrs@FreeBSD.org
wrote about the changes in this manual page.
.Sh BUGS
THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK)
AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM.
USE AT YOUR
OWN RISK.
BEWARE OF DOG.
SLIPPERY WHEN WET.
BATTERIES NOT INCLUDED.
.Pp
This code also needs an owner in order to be less dangerous - serious
hackers can apply by sending mail to
.Aq Mt freebsd-fs@FreeBSD.org
and announcing
their intent to take it over.
.Pp
Without whiteout support from the file system backing the upper layer,
there is no way that delete and rename operations on lower layer
objects can be done.
.Er EOPNOTSUPP
is returned for this kind of operation, as generated by VOP_WHITEOUT(),
along with any others which would make modifications to the lower
layer, such as
.Xr chmod 1 .
.Pp
Running
.Xr find 1
over a union tree has the side-effect of creating
a tree of shadow directories in the upper layer.
.Pp
The current implementation does not support copying extended attributes
for
.Xr acl 9 ,
.Xr mac 9 ,
and so on to the upper layer.
Note that this may be a security issue.
.Pp
A shadow directory, which is one automatically created in the upper
layer when it exists in the lower layer and does not exist in the
upper layer, is always created with superuser privilege.
However, a file copied from the lower layer in the same way
is created by the user who accessed it.
Because of this,
if the user is not the superuser, even in
.Cm transparent
mode the access mode bits in the copied file in the upper layer
will not always be the same as the ones in the lower layer.
This behavior should be fixed.
396