Some of these options are only useful when they appear in the
/etc/fstab file.
Some of these options could be enabled or disabled by default in
the system kernel. To check the current setting see the options
in /proc/mounts. Note that filesystems also have per-filesystem
specific default mount options (see for example tune2fs -l output
for extN filesystems).
The following options apply to any filesystem that is being
mounted (but not every filesystem actually honors them - e.g.,
the sync option today has an effect only for ext2, ext3, ext4,
fat, vfat, ufs and xfs):
async
All I/O to the filesystem should be done asynchronously. (See
also the sync option.)
atime
Do not use the noatime feature, so the inode access time is
controlled by kernel defaults. See also the descriptions of
the relatime and strictatime mount options.
noatime
Do not update inode access times on this filesystem (e.g. for
faster access on the news spool to speed up news servers).
This works for all inode types (directories too), so it
implies nodiratime.
auto
Can be mounted with the -a option.
noauto
Can only be mounted explicitly (i.e., the -a option will not
cause the filesystem to be mounted).
context=context, fscontext=context, defcontext=context, and
rootcontext=context
The context= option is useful when mounting filesystems that
do not support extended attributes, such as a floppy or hard
disk formatted with VFAT, or systems that are not normally
running under SELinux, such as an ext3 or ext4 formatted disk
from a non-SELinux workstation. You can also use context= on
filesystems you do not trust, such as a floppy. It also helps
in compatibility with xattr-supporting filesystems on earlier
2.4.<x> kernel versions. Even where xattrs are supported, you
can save time not having to label every file by assigning the
entire disk one security context.
A commonly used option for removable media is
context="system_u:object_r:removable_t.
The fscontext= option works for all filesystems, regardless
of their xattr support. The fscontext option sets the
overarching filesystem label to a specific security context.
This filesystem label is separate from the individual labels
on the files. It represents the entire filesystem for certain
kinds of permission checks, such as during mount or file
creation. Individual file labels are still obtained from the
xattrs on the files themselves. The context option actually
sets the aggregate context that fscontext provides, in
addition to supplying the same label for individual files.
You can set the default security context for unlabeled files
using defcontext= option. This overrides the value set for
unlabeled files in the policy and requires a filesystem that
supports xattr labeling.
The rootcontext= option allows you to explicitly label the
root inode of a FS being mounted before that FS or inode
becomes visible to userspace. This was found to be useful for
things like stateless Linux.
Note that the kernel rejects any remount request that
includes the context option, even when unchanged from the
current context.
Warning: the context value might contain commas, in which
case the value has to be properly quoted, otherwise mount
will interpret the comma as a separator between mount
options. Don't forget that the shell strips off quotes and
thus double quoting is required. For example:
mount -t tmpfs none /mnt -o \
'context="system_u:object_r:tmp_t:s0:c127,c456",noexec'
For more details, see selinux(8).
defaults
Use the default options: rw, suid, dev, exec, auto, nouser,
and async.
Note that the real set of all default mount options depends
on the kernel and filesystem type. See the beginning of this
section for more details.
dev
Interpret character or block special devices on the
filesystem.
nodev
Do not interpret character or block special devices on the
filesystem.
diratime
Update directory inode access times on this filesystem. This
is the default. (This option is ignored when noatime is set.)
nodiratime
Do not update directory inode access times on this
filesystem. (This option is implied when noatime is set.)
dirsync
All directory updates within the filesystem should be done
synchronously. This affects the following system calls:
creat(2), link(2), unlink(2), symlink(2), mkdir(2), rmdir(2),
mknod(2) and rename(2).
exec
Permit execution of binaries.
noexec
Do not permit direct execution of any binaries on the mounted
filesystem.
group
Allow an ordinary user to mount the filesystem if one of that
user's groups matches the group of the device. This option
implies the options nosuid and nodev (unless overridden by
subsequent options, as in the option line group,dev,suid).
iversion
Every time the inode is modified, the i_version field will be
incremented.
noiversion
Do not increment the i_version inode field.
mand
Allow mandatory locks on this filesystem. See fcntl(2).
nomand
Do not allow mandatory locks on this filesystem.
_netdev
The filesystem resides on a device that requires network
access (used to prevent the system from attempting to mount
these filesystems until the network has been enabled on the
system).
nofail
Do not report errors for this device if it does not exist.
relatime
Update inode access times relative to modify or change time.
Access time is only updated if the previous access time was
earlier than the current modify or change time. (Similar to
noatime, but it doesn't break mutt(1) or other applications
that need to know if a file has been read since the last time
it was modified.)
Since Linux 2.6.30, the kernel defaults to the behavior
provided by this option (unless noatime was specified), and
the strictatime option is required to obtain traditional
semantics. In addition, since Linux 2.6.30, the file's last
access time is always updated if it is more than 1 day old.
norelatime
Do not use the relatime feature. See also the strictatime
mount option.
strictatime
Allows to explicitly request full atime updates. This makes
it possible for the kernel to default to relatime or noatime
but still allow userspace to override it. For more details
about the default system mount options see /proc/mounts.
nostrictatime
Use the kernel's default behavior for inode access time
updates.
lazytime
Only update times (atime, mtime, ctime) on the in-memory
version of the file inode.
This mount option significantly reduces writes to the inode
table for workloads that perform frequent random writes to
preallocated files.
The on-disk timestamps are updated only when:
• the inode needs to be updated for some change unrelated
to file timestamps
• the application employs fsync(2), syncfs(2), or sync(2)
• an undeleted inode is evicted from memory
• more than 24 hours have passed since the inode was
written to disk.
nolazytime
Do not use the lazytime feature.
suid
Honor set-user-ID and set-group-ID bits or file capabilities
when executing programs from this filesystem.
nosuid
Do not honor set-user-ID and set-group-ID bits or file
capabilities when executing programs from this filesystem. In
addition, SELinux domain transitions require permission
nosuid_transition, which in turn needs also policy capability
nnp_nosuid_transition.
silent
Turn on the silent flag.
loud
Turn off the silent flag.
owner
Allow an ordinary user to mount the filesystem if that user
is the owner of the device. This option implies the options
nosuid and nodev (unless overridden by subsequent options, as
in the option line owner,dev,suid).
remount
Attempt to remount an already-mounted filesystem. This is
commonly used to change the mount flags for a filesystem,
especially to make a readonly filesystem writable. It does
not change device or mount point.
The remount operation together with the bind flag has special
semantics. See above, the subsection Bind mounts.
The remount functionality follows the standard way the mount
command works with options from fstab. This means that mount
does not read fstab (or mtab) only when both device and dir
are specified.
mount -o remount,rw /dev/foo /dir
After this call all old mount options are replaced and
arbitrary stuff from fstab (or mtab) is ignored, except the
loop= option which is internally generated and maintained by
the mount command.
mount -o remount,rw /dir
After this call, mount reads fstab and merges these options
with the options from the command line (-o). If no mountpoint
is found in fstab, then a remount with unspecified source is
allowed.
mount allows the use of --all to remount all already mounted
filesystems which match a specified filter (-O and -t). For
example:
mount --all -o remount,ro -t vfat
remounts all already mounted vfat filesystems in read-only
mode. Each of the filesystems is remounted by mount -o
remount,ro /dir semantic. This means the mount command reads
fstab or mtab and merges these options with the options from
the command line.
ro
Mount the filesystem read-only.
rw
Mount the filesystem read-write.
sync
All I/O to the filesystem should be done synchronously. In
the case of media with a limited number of write cycles (e.g.
some flash drives), sync may cause life-cycle shortening.
user
Allow an ordinary user to mount the filesystem. The name of
the mounting user is written to the mtab file (or to the
private libmount file in /run/mount on systems without a
regular mtab) so that this same user can unmount the
filesystem again. This option implies the options noexec,
nosuid, and nodev (unless overridden by subsequent options,
as in the option line user,exec,dev,suid).
nouser
Forbid an ordinary user to mount the filesystem. This is the
default; it does not imply any other options.
users
Allow any user to mount and to unmount the filesystem, even
when some other ordinary user mounted it. This option implies
the options noexec, nosuid, and nodev (unless overridden by
subsequent options, as in the option line
users,exec,dev,suid).
X-*
All options prefixed with "X-" are interpreted as comments or
as userspace application-specific options. These options are
not stored in user space (e.g., mtab file), nor sent to the
mount.type helpers nor to the mount(2) system call. The
suggested format is X-appname.option.
x-*
The same as X-* options, but stored permanently in user
space. This means the options are also available for
umount(8) or other operations. Note that maintaining mount
options in user space is tricky, because it's necessary use
libmount-based tools and there is no guarantee that the
options will be always available (for example after a move
mount operation or in unshared namespace).
Note that before util-linux v2.30 the x-* options have not
been maintained by libmount and stored in user space
(functionality was the same as for X-* now), but due to the
growing number of use-cases (in initrd, systemd etc.) the
functionality has been extended to keep existing fstab
configurations usable without a change.
X-mount.mkdir[=mode]
Allow to make a target directory (mountpoint) if it does not
exist yet. The optional argument mode specifies the
filesystem access mode used for mkdir(2) in octal notation.
The default mode is 0755. This functionality is supported
only for root users or when mount executed without suid
permissions. The option is also supported as x-mount.mkdir,
this notation is deprecated since v2.30. See also --mkdir
command line option.
X-mount.subdir=directory
Allow mounting sub-directory from a filesystem instead of the
root directory. For now, this feature is implemented by
temporary filesystem root directory mount in unshared
namespace and then bind the sub-directory to the final mount
point and umount the root of the filesystem. The
sub-directory mount shows up atomically for the rest of the
system although it is implemented by multiple mount(2)
syscalls. This feature is EXPERIMENTAL.
nosymfollow
Do not follow symlinks when resolving paths. Symlinks can
still be created, and readlink(1), readlink(2), realpath(1),
and realpath(3) all still work properly.
