Fstab Permission Masks Explained

fstab Permission Masks Explained

4.11.2011 | Blog

The fstab masks has puzzled me a little, because it’s not as the unix file permissions, so I thought to share the result of my research for anyone who felt the same.

The fstab exists in /etc/fstab, so let’s examine the fstab a little bit.

The fstab has got 6 columns:
Device name: This is the UNIX filename representing the physical device or partition. Typically, this name starts with /dev.

Mount point: File system type

File system type: This field represents the filesystem to be used when mounting the device or partition. Typical values for this field are ext2, ext3, reiserfs, vfat, iso9660, and udf. auto can be used if multiple filesystems can be used on removable devices such as card readers, CD-ROMs, and DVD-ROMs.

Options: These are options given to the mount, umount and eject commands. A value of defaults means to use the default options for the filesystem being used. users means that any user can mount the device. owner means that only the owner of the device can mount and unmount the device. Usually this is the administrator. rw means to mount the device for read and write access. ro means the device is mounted for read-only access. There are quite a few other options that can be placed in this field.

Dump: This is usually set to zero for removable devices.

Boot Check Priority(Pass): When set to zero, this tells Linux not to do a filesystem integrity check on this device at boot time. The boot should have value 1, if set to 2 will be checked after the boot, and 0 will not check. Enabling this option for removable devices is not recommended.

Here’s an example:

# device name   mount point     fs-type      options                 dump-freq pass-num
LABEL=/         /               ext3         defaults                1 1
/dev/hda6       swap            swap         defaults                0 0
none            /dev/pts        devpts       gid=5,mode=620          0 0
none            /proc           proc         defaults                0 0
none            /dev/shm        tmpfs        defaults                0 0

# Removable media
/dev/cdrom      /mount/cdrom    udf,iso9660  noauto,owner,kudzu,ro   0 0
/dev/fd0        /mount/floppy   auto         noauto,owner,kudzu      0 0

# NTFS Windows XP partition
/dev/hda1       /mnt/WinXP      ntfs-3g      quiet,defaults,locale=en_US.utf8,umask=000    0 0

# Partition shared by Windows and Linux
/dev/hda7       /mnt/shared     vfat         auto,dmask=000              0 0

# mounting tmpfs
tmpfs           /mnt/tmpfschk   tmpfs        size=100m              0 0

# mounting cifs
//pingu/ashare  /store/pingu    cifs         credentials=/root/smbpass.txt 0 0

#mounting NFS
pingu:/store    /store          nfs          rw                     0 0

fstab Options

sync/async – All I/O to the file system should be done (a)synchronously.
auto – The filesystem can be mounted automatically (at bootup, or when mount is passed the -a option). This is really unnecessary as this is the default action of mount -a anyway.
noauto – The filesystem will NOT be automatically mounted at startup, or when mount passed -a. You must explicitly mount the filesystem.
dev/nodev – Interpret/Do not interpret character or block special devices on the file system.
exec / noexec – Permit/Prevent the execution of binaries from the filesystem.
suid/nosuid – Permit/Block the operation of suid, and sgid bits.
ro – Mount read-only.
rw – Mount read-write.
user – Permit any user to mount the filesystem. This automatically implies noexec, nosuid,nodev unless overridden.
nouser – Only permit root to mount the filesystem. This is also a default setting.
defaults – Use default settings. Equivalent to rw, suid, dev, exec, auto, nouser, async.
_netdev – Used for network shares (nfs, samba, sshfs, etc), mounting the network share is delayed until after the boot process brings up the network (otherwise the mount will fail as the network is not up).

Fstab Mask Permissions

The umask is the default for files and folders, if you want to customize files and folders’ permissions you should use fmask and dmask same use as the umask.

I was lost first finding the mask permissions are not like the octal permission codes passed to the chmod command, however I found this table really helpful understanding how the umask permissions work.

	0	1	2	3	4	5	6	7
r	+	+	+	+	–	–	–	–
w	+	+	–	–	+	+	–	–
x	+	–	+	–	+	–	+	–

It works as the normal octal permissions but subtracted from 7, and use the absolute value. for instance if you want to set the permissions to 0777 you will need to set it 0000 in the umask(e.g. umask=0000), if you want to set it to 0755 you will set it to 0022.
The first character represents that its an octal permissions
The second is for the owner
The third is the group

The last is for other or The World

Be Sociable, Share!

Responses

Craig
6.19.2012

Thank you for posting this explanation! It helped me when understand the differences between umask, fmaks and dmask, as well as how their values work differently from those for chmod.

I was trying to mount a truecrypt volume that is formatted with vfat and it required that I use its –fs-options switch, whose umask is the same as fstab. Being a little green when it comes to Linux, I had never had to work anything fstab-related.

Thanks again!

Omar Shaban
6.19.2012

Anytime
That appreciation is what keeps me going

Bridgey the Geek
8.28.2012

Thank you for taking the time.

Why-o-why isn’t it the same as chmod?! Oh well.

Setting up Meteor with Ubuntu 12.10 on an NTFS share partition | Deborah Schmidt
9.17.2012

[…] uid=1000,gid=1000,umask=022,exec are used to set your username and group as owner of the partition (details) and to set the permission attributes to read, write and execute for the owner and read and write for everyone else (details) […]

Antonio
12.14.2012

Obviously there is an error in your grid for the number 3.

It should read as follow :

r +
w –
x –

In addition for the sake of verification none of the columns should look the same…

Flo from Tana
2.25.2013

Tannks for the article, very instructing.

I just found this excellent course (in French, sorry about that) dealing with filesystems and fstab in UNIX environement. It contains a complete table of the fstab options, especially umask that you didn’t mention as an option:

http://doc.ubuntu-fr.org/mount_fstab#le_fichier_fstab

Cheers!

Just wondering
3.24.2013

Where is TRIM and DISCARD?

Omar Shaban
3.29.2013

I’ve been extremely busy lately, I’ll try to cover them as soon as I have the time.

Avinesh
4.05.2013

Very Helpful and well explained.. Thanks for sharing

Jan
4.24.2013

The table column for 3 should be +, -, -.

Omar Shaban
4.24.2013

Updated, Sorry for the type error, Thanks for letting me know.

John
7.04.2013

Thanks for this post!
I’ve just chearched around the internet for the fstab masks thing and could not manage to find a single clue about octal permission numbers to have to be substracted from 7 in fstab anywhere but here.

erik
8.02.2013

Are you sure that “Mount point: File system type” is correct? I understood that this is the directory via that the file system should be available 😉

Angel
9.16.2013

Thank you so much for this, it helped with some trouble I was having mounting a USB Drive in a permanent location.

Compartir una partició a Ubuntu 12.04 accessible des de Windows | Vall de Silicona
2.18.2014

[…] http://www.omaroid.com/fstab-permission-masks-explained/ […]

George Samaras
1.26.2016

I think its the something like :

fstab_perm = !(chmod_perm) (BITWISE NOT)

Ramiro Arias
8.22.2016

You are right George. No need of a table, just what you said.

omaroid

My Blog

A Little About Me

Tags