pmount man page

pmount — mount arbitrary hotpluggable devices as normal user


pmount [ options ] device

pmount [ options ] device label

pmount --lock [ options ] device pid

pmount --unlock [ options ] device pid



pmount ("policy mount") is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry.

pmount also supports encrypted devices which use dm-crypt and have LUKS metadata. If a LUKS-capable cryptsetup is installed, pmount will use it to decrypt the device first and mount the mapped unencrypted device instead.

pmount is invoked like this:

pmount device [ label ]

This will mount device to a directory below /media if policy is met (see below). If label is given, the mount point will be /media/label, otherwise it will be /media/device.

The device will be mounted with the following flags:  async,atime,nodev,noexec,noauto,nosuid,user,rw

Some applications like CD burners modify a raw device which must not be mounted while the burning process is in progress. To prevent automatic mounting, pmount offers a locking mechanism: pmount --lock device pid will prevent the pmounting of device until it is unlocked again using pmount --unlock device pid. The process id pid assigns the lock to a particular process; this allows to lock a device by several processes.

During mount, the list of locks is cleaned, i. e. all locks whose associated process does not exist any more are removed. This prevents forgotten indefinite locks from crashed programs.

Running pmount without arguments prints the list of mounted removable devices, a bit in the fashion of mount (1).

Please note that you can use labels and uuids as described in fstab (5) for devices present in /etc/fstab. In this case, the device name need to match exactly the corresponding entry in /etc/fstab, including the LABEL= or UUID= part.


The mount will succeed if all of the following conditions are met:


-r, --read-only

Force the device to be mounted read only. If neither -r nor -w is specified, the kernel will choose an appropriate default.

-w, --read-write

Force the device to be mounted read/write. If neither -r nor -w is specified, the kernel will choose an appropriate default.

-s, --sync

Mount the device with the sync option, i. e. without write caching. Default is async (write-back). With this option, write operations are much slower and due to the massive increase of updates of inode/FAT structures, flash devices may suffer heavily if you write large files. This option is intended to make it safe to just rip out USB drives without proper unmounting.

-A, --noatime

Mount the device with the noatime option. Default is atime.

-e, --exec

Mount the device with the exec option. Default is noexec.

-t filesystem, --type filesystem

Mount as specified file system type. The file system type is automatically determined if this option is not given. See at the bottom for a list of currently supported filesystems.

-c charset, --charset charset

Use given I/O character set (default: utf8 if called in an UTF-8 locale, otherwise mount default). This corresponds with the mount option iocharset (or nls for NTFS). This option is ignored for file systems that do not support setting the character set (see mount (8) for details). Important note: pmount will now mount VFAT filesystems with iocharset=iso8859-1 as iocharset=utf8 currently makes the filesystem case-sensitive (which is pretty bad...).

-u umask, --umask umask

Use specified umask instead of the default one. For UDF, the default is '000', for VFAT and NTFS the default is '077'. This value is ignored for file systems which do not support setting an umask. Note that you can use a value of 077 to forbid anyone else to read/write the files, 027 to allow your group to read the files and 022 to allow anyone to read the files (but only you can write).

--dmask dmask
--fmask fmask

Some filesystems (essentially VFAT and HFS) supports separate umasks (see the -u option just above) for directories and files, to avoid the annoying effect of having all files executable. For these filesystems, you can specify separately the masks using these options. By default, fmask is umask without all executable permissions and dmask is umask. Most of the times, these settings should just do what you want, so there should be seldom any need for using directly the --fmask and --dmask options.

-p file --passphrase file

If the device is encrypted (dm-crypt with LUKS metadata), read the passphrase from specified file instead of prompting at the terminal.

-h, --help

Print a help message and exit successfully.

-d, --debug

Enable verbose debug messages.

-V, --version

Print the current version number and exit successfully.



List of devices (one device per line) which are additionally permitted for pmounting. Globs, such as /dev/sda[123] are permitted. See see glob (7) for a more complete syntax.

See Also

pumount(1), mount(8)

Supported Filesystems

For now, pmount supports the following filesystems: udf, iso9660, vfat, ntfs, hfsplus, hfs, ext3, ext2, ext4, reiserfs, reiser4, xfs, jfs and omfs. They are tried sequentially in that exact order when the filesystem is not specified.  

Additionally, pmount supports the filesystem types ntfs-fuse and ntfs-3g to mount NTFS volumes respectively with ntfsmount (1) or ntfs-3g (1). If the file /sbin/mount.ntfs-3g is found, then pmount will mount NTFS filestystems with type ntfs-3g rather than plain ntfs. To disable this behavior, just specify -t ntfs on the command-line, as this happens only for autodetection.

More About Fstab

pmount now fully resolve all symlinks both in its input and in the /etc/fstab file, which means that if /dev/cdrom is a symlink to /dev/hdc and you try to mount /dev/hdc directly, pmount will delegate this to mount(1). This is a feature, and it contrasts with previous unclear behavior of pmount about symlinks in /etc/fstab.

Known Issues

Though we believe pmount is pretty much free from security problems, there are quite a few glitches that probably will never be fixed.

NOTE: Starting from version 0.9.17, pmount uses the same mechanism as mount (1) to autodetect the filesystem type, so this kind of problems should not happen anymore.


pmount was originally developed by Martin Pitt <>. It is now maintained by Vincent Fourmond <>.

Referenced By


August 27, 2004 Martin Pitt