LinuxCommandLibrary

pmount

Mount removable devices as normal user

TLDR

Mount a device below /media/ (using device as mount point)

$ pmount [/dev/to/block/device]
copy

Mount a device with a specific filesystem type to /media/label
$ pmount [[-t|--type]] [filesystem] [/dev/to/block/device] [label]
copy

Mount a CD-ROM (filesystem type ISO9660) in read-only mode
$ pmount [[-t|--type]] iso9660 [[-r|--read-only]] [/dev/cdrom]
copy

Mount an NTFS-formatted disk, forcing read-write access
$ pmount [[-t|--type]] ntfs [[-w|--read-write]] [/dev/sdX]
copy

Display all mounted removable devices
$ pmount
copy

SYNOPSIS

pmount [options] device [mountpoint]
pmount [options] {-u|--umount} mountpoint
pmount {-s|--show}

PARAMETERS

device
    The path to the device special file (e.g., /dev/sdb1), or a label/UUID if configured.

mountpoint
    The directory where the device should be mounted. This directory must usually exist and be empty.

-u, --umount
    Unmounts the specified mountpoint. The device argument is not used when unmounting.

-s, --show
    Lists all devices currently mounted via pmount.

-r, --read-only
    Mounts the device in read-only mode.

-w, --writeable
    Mounts the device in writeable mode. This is often the default behavior.

-o options, --options=options
    Specify comma-separated mount options (e.g., uid=1000,gid=1000). These options are subject to restrictions defined in /etc/pmount.allow.

-i, --iso9660
    Hint to mount the device as an ISO9660 filesystem (commonly used for CD/DVD images). The filesystem type is usually auto-detected.

-l, --loop
    Treat the device argument as a file, and mount it as a loop device. Useful for mounting disk images.

-v, --verbose
    Enables verbose output, providing more details about the mounting process.

-d, --debug
    Enables debug output, useful for troubleshooting.

--help
    Displays a brief help message and exits.

--version
    Displays the version information and exits.

DESCRIPTION

The pmount command provides a secure and straightforward way for unprivileged users to mount and unmount removable devices such as USB drives, CDs, and DVDs. Unlike the standard mount(8) command, which typically requires root privileges, pmount is a setuid root program. This allows it to perform privileged operations on behalf of a regular user, but only under strict control.

Its functionality is governed by configuration files like /etc/pmount.allow or udev rules, which define which devices can be mounted, by whom, and with what options. This design enhances system security by preventing arbitrary mounts while still offering user convenience. pmount is particularly useful in desktop environments where users frequently interact with removable media, and also in server contexts where a minimal, secure user-mounting solution is preferred over full root access.

CAVEATS

pmount relies heavily on proper system configuration. If /etc/pmount.allow or udev rules are misconfigured, it could lead to security vulnerabilities or prevent users from mounting devices.
Mount points usually need to be pre-created and empty. The default mount location is often under /media or /mnt, but this can vary by system configuration.
In modern Linux desktop environments, higher-level abstractions like udisks or gvfs often handle automatic mounting of removable media, reducing the direct need for pmount for typical users.

CONFIGURATION FILES

The primary configuration file for pmount is /etc/pmount.allow. This file specifies which users are allowed to mount which devices, and with what options. It uses a simple syntax to define permissions. Some distributions might also use /etc/pmount.deny, though it's less common, or rely entirely on udev rules for device permissions.

PERMISSIONS

pmount is typically installed as a setuid root binary. This means that when a non-root user executes pmount, it temporarily gains root privileges to perform the necessary actions (like interacting with kernel mount syscalls). However, these privileges are strictly confined by the policies defined in its configuration files, ensuring that users cannot perform arbitrary system modifications.

DEFAULT MOUNT LOCATIONS

By default, pmount often attempts to mount devices into a user-specific subdirectory within /media (e.g., /media/user/device_label or /media/user/uuid) or /mnt. The exact default location and naming convention can be configured system-wide and may vary between Linux distributions.

HISTORY

pmount emerged as a solution to the long-standing challenge of allowing non-root users to mount removable devices without compromising system security. Before tools like pmount, users either needed root access (which was insecure) or relied on complex fstab entries with the `user` or `users` option (which could be rigid and less flexible for hot-plug devices).

It provided a simpler, policy-driven approach, often integrating with desktop environments to enable clickable mounting of USB drives and optical media. While its direct command-line usage has become less common in typical desktop use cases due to the rise of automated mounting services (like those provided by udev, udisks, and desktop environments themselves), pmount remains a robust and valuable utility for specific scenarios, especially in command-line-centric or embedded systems.

SEE ALSO

mount(8), umount(8), fstab(5), udev(7), udisks(7), autofs(8)

Copied to clipboard