You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1073 lines
38 KiB

9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
8 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
8 years ago
9 years ago
9 years ago
9 years ago
  1. .\"t
  2. .TH "mergerfs" "1" "2016\-12\-14" "mergerfs user manual" ""
  3. .SH NAME
  4. .PP
  5. mergerfs \- another (FUSE based) union filesystem
  6. .SH SYNOPSIS
  7. .PP
  8. mergerfs \-o<options> <srcmounts> <mountpoint>
  9. .SH DESCRIPTION
  10. .PP
  11. \f[B]mergerfs\f[] is a union filesystem geared towards simplifying
  12. storage and management of files across numerous commodity storage
  13. devices.
  14. It is similar to \f[B]mhddfs\f[], \f[B]unionfs\f[], and \f[B]aufs\f[].
  15. .SH FEATURES
  16. .IP \[bu] 2
  17. Runs in userspace (FUSE)
  18. .IP \[bu] 2
  19. Configurable behaviors
  20. .IP \[bu] 2
  21. Support for extended attributes (xattrs)
  22. .IP \[bu] 2
  23. Support for file attributes (chattr)
  24. .IP \[bu] 2
  25. Runtime configurable (via xattrs)
  26. .IP \[bu] 2
  27. Safe to run as root
  28. .IP \[bu] 2
  29. Opportunistic credential caching
  30. .IP \[bu] 2
  31. Works with heterogeneous filesystem types
  32. .IP \[bu] 2
  33. Handling of writes to full drives (transparently move file to drive with
  34. capacity)
  35. .IP \[bu] 2
  36. Handles pool of readonly and read/write drives
  37. .SH OPTIONS
  38. .SS options
  39. .IP \[bu] 2
  40. \f[B]defaults\f[]: a shortcut for FUSE\[aq]s \f[B]atomic_o_trunc\f[],
  41. \f[B]auto_cache\f[], \f[B]big_writes\f[], \f[B]default_permissions\f[],
  42. \f[B]splice_move\f[], \f[B]splice_read\f[], and \f[B]splice_write\f[].
  43. These options seem to provide the best performance.
  44. .IP \[bu] 2
  45. \f[B]direct_io\f[]: causes FUSE to bypass an addition caching step which
  46. can increase write speeds at the detriment of read speed.
  47. .IP \[bu] 2
  48. \f[B]minfreespace\f[]: the minimum space value used for creation
  49. policies.
  50. Understands \[aq]K\[aq], \[aq]M\[aq], and \[aq]G\[aq] to represent
  51. kilobyte, megabyte, and gigabyte respectively.
  52. (default: 4G)
  53. .IP \[bu] 2
  54. \f[B]moveonenospc\f[]: when enabled (set to \f[B]true\f[]) if a
  55. \f[B]write\f[] fails with \f[B]ENOSPC\f[] or \f[B]EDQUOT\f[] a scan of
  56. all drives will be done looking for the drive with most free space which
  57. is at least the size of the file plus the amount which failed to write.
  58. An attempt to move the file to that drive will occur (keeping all
  59. metadata possible) and if successful the original is unlinked and the
  60. write retried.
  61. (default: false)
  62. .IP \[bu] 2
  63. \f[B]func.<func>=<policy>\f[]: sets the specific FUSE function\[aq]s
  64. policy.
  65. See below for the list of value types.
  66. Example: \f[B]func.getattr=newest\f[]
  67. .IP \[bu] 2
  68. \f[B]category.<category>=<policy>\f[]: Sets policy of all FUSE functions
  69. in the provided category.
  70. Example: \f[B]category.create=mfs\f[]
  71. .IP \[bu] 2
  72. \f[B]fsname\f[]: sets the name of the filesystem as seen in
  73. \f[B]mount\f[], \f[B]df\f[], etc.
  74. Defaults to a list of the source paths concatenated together with the
  75. longest common prefix removed.
  76. .IP \[bu] 2
  77. \f[B]use_ino\f[]: causes mergerfs to supply file/directory inodes rather
  78. than libfuse.
  79. While not a default it is generally recommended it be enabled so that
  80. hard linked files share the same inode value.
  81. .PP
  82. \f[B]NOTE:\f[] Options are evaluated in the order listed so if the
  83. options are \f[B]func.rmdir=rand,category.action=ff\f[] the
  84. \f[B]action\f[] category setting will override the \f[B]rmdir\f[]
  85. setting.
  86. .SS srcmounts
  87. .PP
  88. The srcmounts (source mounts) argument is a colon (\[aq]:\[aq])
  89. delimited list of paths to be included in the pool.
  90. It does not matter if the paths are on the same or different drives nor
  91. does it matter the filesystem.
  92. Used and available space will not be duplicated for paths on the same
  93. device and any features which aren\[aq]t supported by the underlying
  94. filesystem (such as file attributes or extended attributes) will return
  95. the appropriate errors.
  96. .PP
  97. To make it easier to include multiple source mounts mergerfs supports
  98. globbing (http://linux.die.net/man/7/glob).
  99. \f[B]The globbing tokens MUST be escaped when using via the shell else
  100. the shell itself will expand it.\f[]
  101. .IP
  102. .nf
  103. \f[C]
  104. $\ mergerfs\ \-o\ defaults,allow_other\ /mnt/disk\\*:/mnt/cdrom\ /media/drives
  105. \f[]
  106. .fi
  107. .PP
  108. The above line will use all mount points in /mnt prefixed with
  109. \f[B]disk\f[] and the \f[B]cdrom\f[].
  110. .PP
  111. To have the pool mounted at boot or otherwise accessable from related
  112. tools use \f[B]/etc/fstab\f[].
  113. .IP
  114. .nf
  115. \f[C]
  116. #\ <file\ system>\ \ \ \ \ \ \ \ <mount\ point>\ \ <type>\ \ \ \ \ \ \ \ \ <options>\ \ \ \ \ \ \ \ \ \ \ \ \ <dump>\ \ <pass>
  117. /mnt/disk*:/mnt/cdrom\ \ /media/drives\ \ fuse.mergerfs\ \ defaults,allow_other\ \ 0\ \ \ \ \ \ \ 0
  118. \f[]
  119. .fi
  120. .PP
  121. \f[B]NOTE:\f[] the globbing is done at mount or xattr update time (see
  122. below).
  123. If a new directory is added matching the glob after the fact it will not
  124. be automatically included.
  125. .PP
  126. \f[B]NOTE:\f[] for mounting via \f[B]fstab\f[] to work you must have
  127. \f[B]mount.fuse\f[] installed.
  128. For Ubuntu/Debian it is included in the \f[B]fuse\f[] package.
  129. .SH FUNCTIONS / POLICIES / CATEGORIES
  130. .PP
  131. The POSIX filesystem API has a number of functions.
  132. \f[B]creat\f[], \f[B]stat\f[], \f[B]chown\f[], etc.
  133. In mergerfs these functions are grouped into 3 categories:
  134. \f[B]action\f[], \f[B]create\f[], and \f[B]search\f[].
  135. Functions and categories can be assigned a policy which dictates how
  136. \f[B]mergerfs\f[] behaves.
  137. Any policy can be assigned to a function or category though some are not
  138. very practical.
  139. For instance: \f[B]rand\f[] (random) may be useful for file creation
  140. (create) but could lead to very odd behavior if used for \f[C]chmod\f[]
  141. (though only if there were more than one copy of the file).
  142. .PP
  143. Policies, when called to create, will ignore drives which are readonly
  144. or have less than \f[B]minfreespace\f[].
  145. This allows for read/write and readonly drives to be mixed together and
  146. keep drives which may remount as readonly on error from further
  147. affecting the pool.
  148. .SS Function / Category classifications
  149. .PP
  150. .TS
  151. tab(@);
  152. l l.
  153. T{
  154. Category
  155. T}@T{
  156. FUSE Functions
  157. T}
  158. _
  159. T{
  160. action
  161. T}@T{
  162. chmod, chown, link, removexattr, rename, rmdir, setxattr, truncate,
  163. unlink, utimens
  164. T}
  165. T{
  166. create
  167. T}@T{
  168. create, mkdir, mknod, symlink
  169. T}
  170. T{
  171. search
  172. T}@T{
  173. access, getattr, getxattr, ioctl, listxattr, open, readlink
  174. T}
  175. T{
  176. N/A
  177. T}@T{
  178. fallocate, fgetattr, fsync, ftruncate, ioctl, read, readdir, release,
  179. statfs, write
  180. T}
  181. .TE
  182. .PP
  183. Due to FUSE limitations \f[B]ioctl\f[] behaves differently if its acting
  184. on a directory.
  185. It\[aq]ll use the \f[B]getattr\f[] policy to find and open the directory
  186. before issuing the \f[B]ioctl\f[].
  187. In other cases where something may be searched (to confirm a directory
  188. exists across all source mounts) \f[B]getattr\f[] will also be used.
  189. .SS Policy descriptions
  190. .PP
  191. .TS
  192. tab(@);
  193. l l.
  194. T{
  195. Policy
  196. T}@T{
  197. Description
  198. T}
  199. _
  200. T{
  201. all
  202. T}@T{
  203. Search category: acts like \f[B]ff\f[].
  204. Action category: apply to all found.
  205. Create category: for \f[B]mkdir\f[], \f[B]mknod\f[], and
  206. \f[B]symlink\f[] it will apply to all found.
  207. \f[B]create\f[] works like \f[B]ff\f[].
  208. It will exclude readonly drives and those with free space less than
  209. \f[B]minfreespace\f[].
  210. T}
  211. T{
  212. epall (existing path, all)
  213. T}@T{
  214. Search category: acts like \f[B]epff\f[].
  215. Action category: apply to all found.
  216. Create category: for \f[B]mkdir\f[], \f[B]mknod\f[], and
  217. \f[B]symlink\f[] it will apply to all existing paths found.
  218. \f[B]create\f[] works like \f[B]epff\f[].
  219. It will exclude readonly drives and those with free space less than
  220. \f[B]minfreespace\f[].
  221. T}
  222. T{
  223. epff
  224. T}@T{
  225. Given the order of the drives, as defined at mount time or when
  226. configured via the xattr interface, act on the first one found where the
  227. path already exists.
  228. For \f[B]create\f[] category it will exclude readonly drives and those
  229. with free space less than \f[B]minfreespace\f[] (unless there is no
  230. other option).
  231. Falls back to \f[B]ff\f[].
  232. T}
  233. T{
  234. eplfs (existing path, least free space)
  235. T}@T{
  236. If the path exists on multiple drives use the one with the least free
  237. space.
  238. For \f[B]create\f[] category it will exclude readonly drives and those
  239. with free space less than \f[B]minfreespace\f[].
  240. Falls back to \f[B]lfs\f[].
  241. T}
  242. T{
  243. eplus (existing path, least used space)
  244. T}@T{
  245. If the path exists on multiple drives use the one with the least used
  246. space.
  247. For \f[B]create\f[] category it will exclude readonly drives and those
  248. with free space less than \f[B]minfreespace\f[].
  249. Falls back to \f[B]lus\f[].
  250. T}
  251. T{
  252. epmfs (existing path, most free space)
  253. T}@T{
  254. If the path exists on multiple drives use the one with the most free
  255. space.
  256. For \f[B]create\f[] category it will exclude readonly drives and those
  257. with free space less than \f[B]minfreespace\f[].
  258. Falls back to \f[B]mfs\f[].
  259. T}
  260. T{
  261. eprand (existing path, random)
  262. T}@T{
  263. Calls \f[B]epall\f[] and then randomizes.
  264. T}
  265. T{
  266. erofs
  267. T}@T{
  268. Exclusively return \f[B]\-1\f[] with \f[B]errno\f[] set to
  269. \f[B]EROFS\f[].
  270. By setting \f[B]create\f[] functions to this you can in effect turn the
  271. filesystem readonly.
  272. T}
  273. T{
  274. ff (first found)
  275. T}@T{
  276. Given the order of the drives, as defined at mount time or when
  277. configured via xattr interface, act on the first one found.
  278. For \f[B]create\f[] category it will exclude readonly drives and those
  279. with free space less than \f[B]minfreespace\f[] (unless there is no
  280. other option).
  281. T}
  282. T{
  283. lfs (least free space)
  284. T}@T{
  285. Pick the drive with the least available free space.
  286. For \f[B]create\f[] category it will exclude readonly drives and those
  287. with free space less than \f[B]minfreespace\f[].
  288. Falls back to \f[B]mfs\f[].
  289. T}
  290. T{
  291. lus (least used space)
  292. T}@T{
  293. Pick the drive with the least used space.
  294. For \f[B]create\f[] category it will exclude readonly drives and those
  295. with free space less than \f[B]minfreespace\f[].
  296. Falls back to \f[B]mfs\f[].
  297. T}
  298. T{
  299. mfs (most free space)
  300. T}@T{
  301. Pick the drive with the most available free space.
  302. For \f[B]create\f[] category it will exclude readonly drives and those
  303. with free space less than \f[B]minfreespace\f[].
  304. Falls back to \f[B]ff\f[].
  305. T}
  306. T{
  307. newest (newest file)
  308. T}@T{
  309. Pick the file / directory with the largest mtime.
  310. For \f[B]create\f[] category it will exclude readonly drives and those
  311. with free space less than \f[B]minfreespace\f[] (unless there is no
  312. other option).
  313. T}
  314. T{
  315. rand (random)
  316. T}@T{
  317. Calls \f[B]all\f[] and then randomizes.
  318. T}
  319. .TE
  320. .PP
  321. \f[B]epff\f[], \f[B]eplfs\f[], \f[B]eplus\f[], and \f[B]epmf\f[] are
  322. path preserving policies.
  323. As the descriptions above explain they will only consider drives where
  324. the path being accessed exists.
  325. Non\-path preserving policies will clone paths as necessary.
  326. .SS Defaults
  327. .PP
  328. .TS
  329. tab(@);
  330. l l.
  331. T{
  332. Category
  333. T}@T{
  334. Policy
  335. T}
  336. _
  337. T{
  338. action
  339. T}@T{
  340. all
  341. T}
  342. T{
  343. create
  344. T}@T{
  345. epmfs
  346. T}
  347. T{
  348. search
  349. T}@T{
  350. ff
  351. T}
  352. .TE
  353. .SS rename & link
  354. .PP
  355. rename (http://man7.org/linux/man-pages/man2/rename.2.html) is a tricky
  356. function in a merged system.
  357. Normally if a rename can\[aq]t be done atomically due to the source and
  358. destination paths existing on different mount points it will return
  359. \f[B]\-1\f[] with \f[B]errno = EXDEV\f[].
  360. The atomic rename is most critical for replacing files in place
  361. atomically (such as securing writing to a temp file and then replacing a
  362. target).
  363. The problem is that by merging multiple paths you can have N instances
  364. of the source and destinations on different drives.
  365. This can lead to several undesirable situtations with or without errors
  366. and it\[aq]s not entirely obvious what to do when an error occurs.
  367. .PP
  368. Originally mergerfs would return EXDEV whenever a rename was requested
  369. which was cross directory in any way.
  370. This made the code simple and was technically complient with POSIX
  371. requirements.
  372. However, many applications fail to handle EXDEV at all and treat it as a
  373. normal error or they only partially support EXDEV (don\[aq]t respond the
  374. same as \f[C]mv\f[] would).
  375. Such apps include: gvfsd\-fuse v1.20.3 and prior, Finder / CIFS/SMB
  376. client in Apple OSX 10.9+, NZBGet, Samba\[aq]s recycling bin feature.
  377. .IP \[bu] 2
  378. If using a \f[B]create\f[] policy which tries to preserve directory
  379. paths (epff,eplfs,eplus,epmfs)
  380. .IP \[bu] 2
  381. Using the \f[B]rename\f[] policy get the list of files to rename
  382. .IP \[bu] 2
  383. For each file attempt rename:
  384. .RS 2
  385. .IP \[bu] 2
  386. If failure with ENOENT run \f[B]create\f[] policy
  387. .IP \[bu] 2
  388. If create policy returns the same drive as currently evaluating then
  389. clone the path
  390. .IP \[bu] 2
  391. Re\-attempt rename
  392. .RE
  393. .IP \[bu] 2
  394. If \f[B]any\f[] of the renames succeed the higher level rename is
  395. considered a success
  396. .IP \[bu] 2
  397. If \f[B]no\f[] renames succeed the first error encountered will be
  398. returned
  399. .IP \[bu] 2
  400. On success:
  401. .RS 2
  402. .IP \[bu] 2
  403. Remove the target from all drives with no source file
  404. .IP \[bu] 2
  405. Remove the source from all drives which failed to rename
  406. .RE
  407. .IP \[bu] 2
  408. If using a \f[B]create\f[] policy which does \f[B]not\f[] try to
  409. preserve directory paths
  410. .IP \[bu] 2
  411. Using the \f[B]rename\f[] policy get the list of files to rename
  412. .IP \[bu] 2
  413. Using the \f[B]getattr\f[] policy get the target path
  414. .IP \[bu] 2
  415. For each file attempt rename:
  416. .RS 2
  417. .IP \[bu] 2
  418. If the source drive != target drive:
  419. .IP \[bu] 2
  420. Clone target path from target drive to source drive
  421. .IP \[bu] 2
  422. Rename
  423. .RE
  424. .IP \[bu] 2
  425. If \f[B]any\f[] of the renames succeed the higher level rename is
  426. considered a success
  427. .IP \[bu] 2
  428. If \f[B]no\f[] renames succeed the first error encountered will be
  429. returned
  430. .IP \[bu] 2
  431. On success:
  432. .RS 2
  433. .IP \[bu] 2
  434. Remove the target from all drives with no source file
  435. .IP \[bu] 2
  436. Remove the source from all drives which failed to rename
  437. .RE
  438. .PP
  439. The the removals are subject to normal entitlement checks.
  440. .PP
  441. The above behavior will help minimize the likelihood of EXDEV being
  442. returned but it will still be possible.
  443. To remove the possibility all together mergerfs would need to perform
  444. the as \f[B]mv\f[] does when it receives EXDEV normally.
  445. .PP
  446. \f[B]link\f[] uses the same basic strategy.
  447. .SS readdir
  448. .PP
  449. readdir (http://linux.die.net/man/3/readdir) is different from all other
  450. filesystem functions.
  451. While it could have it\[aq]s own set of policies to tweak its behavior
  452. at this time it provides a simple union of files and directories found.
  453. Remember that any action or information queried about these files and
  454. directories come from the respective function.
  455. For instance: an \f[B]ls\f[] is a \f[B]readdir\f[] and for each
  456. file/directory returned \f[B]getattr\f[] is called.
  457. Meaning the policy of \f[B]getattr\f[] is responsible for choosing the
  458. file/directory which is the source of the metadata you see in an
  459. \f[B]ls\f[].
  460. .SS statvfs
  461. .PP
  462. statvfs (http://linux.die.net/man/2/statvfs) normalizes the source
  463. drives based on the fragment size and sums the number of adjusted blocks
  464. and inodes.
  465. This means you will see the combined space of all sources.
  466. Total, used, and free.
  467. The sources however are dedupped based on the drive so multiple sources
  468. on the same drive will not result in double counting it\[aq]s space.
  469. .SH BUILDING
  470. .PP
  471. \f[B]NOTE:\f[] Prebuilt packages can be found at:
  472. https://github.com/trapexit/mergerfs/releases
  473. .PP
  474. First get the code from github (http://github.com/trapexit/mergerfs).
  475. .IP
  476. .nf
  477. \f[C]
  478. $\ git\ clone\ https://github.com/trapexit/mergerfs.git
  479. $\ #\ or
  480. $\ wget\ https://github.com/trapexit/mergerfs/releases/download/<ver>/mergerfs\-<ver>.tar.gz
  481. \f[]
  482. .fi
  483. .SS Debian / Ubuntu
  484. .IP
  485. .nf
  486. \f[C]
  487. $\ sudo\ apt\-get\ install\ g++\ pkg\-config\ git\ git\-buildpackage\ pandoc\ debhelper\ libfuse\-dev\ libattr1\-dev\ python
  488. $\ cd\ mergerfs
  489. $\ make\ deb
  490. $\ sudo\ dpkg\ \-i\ ../mergerfs_version_arch.deb
  491. \f[]
  492. .fi
  493. .SS Fedora
  494. .IP
  495. .nf
  496. \f[C]
  497. $\ su\ \-
  498. #\ dnf\ install\ rpm\-build\ fuse\-devel\ libattr\-devel\ pandoc\ gcc\-c++\ git\ make\ which\ python
  499. #\ cd\ mergerfs
  500. #\ make\ rpm
  501. #\ rpm\ \-i\ rpmbuild/RPMS/<arch>/mergerfs\-<verion>.<arch>.rpm
  502. \f[]
  503. .fi
  504. .SS Generically
  505. .PP
  506. Have git, python, pkg\-config, pandoc, libfuse, libattr1 installed.
  507. .IP
  508. .nf
  509. \f[C]
  510. $\ cd\ mergerfs
  511. $\ make
  512. $\ make\ man
  513. $\ sudo\ make\ install
  514. \f[]
  515. .fi
  516. .SH RUNTIME
  517. .SS \&.mergerfs pseudo file
  518. .IP
  519. .nf
  520. \f[C]
  521. <mountpoint>/.mergerfs
  522. \f[]
  523. .fi
  524. .PP
  525. There is a pseudo file available at the mount point which allows for the
  526. runtime modification of certain \f[B]mergerfs\f[] options.
  527. The file will not show up in \f[B]readdir\f[] but can be
  528. \f[B]stat\f[]\[aq]ed and manipulated via
  529. {list,get,set}xattrs (http://linux.die.net/man/2/listxattr) calls.
  530. .PP
  531. Even if xattrs are disabled for mergerfs the
  532. {list,get,set}xattrs (http://linux.die.net/man/2/listxattr) calls
  533. against this pseudo file will still work.
  534. .PP
  535. Any changes made at runtime are \f[B]not\f[] persisted.
  536. If you wish for values to persist they must be included as options
  537. wherever you configure the mounting of mergerfs (fstab).
  538. .SS Keys
  539. .PP
  540. Use \f[C]xattr\ \-l\ /mount/point/.mergerfs\f[] to see all supported
  541. keys.
  542. Some are informational and therefore readonly.
  543. .SS user.mergerfs.srcmounts
  544. .PP
  545. Used to query or modify the list of source mounts.
  546. When modifying there are several shortcuts to easy manipulation of the
  547. list.
  548. .PP
  549. .TS
  550. tab(@);
  551. l l.
  552. T{
  553. Value
  554. T}@T{
  555. Description
  556. T}
  557. _
  558. T{
  559. [list]
  560. T}@T{
  561. set
  562. T}
  563. T{
  564. +<[list]
  565. T}@T{
  566. prepend
  567. T}
  568. T{
  569. +>[list]
  570. T}@T{
  571. append
  572. T}
  573. T{
  574. \-[list]
  575. T}@T{
  576. remove all values provided
  577. T}
  578. T{
  579. \-<
  580. T}@T{
  581. remove first in list
  582. T}
  583. T{
  584. \->
  585. T}@T{
  586. remove last in list
  587. T}
  588. .TE
  589. .SS minfreespace
  590. .PP
  591. Input: interger with an optional multiplier suffix.
  592. \f[B]K\f[], \f[B]M\f[], or \f[B]G\f[].
  593. .PP
  594. Output: value in bytes
  595. .SS moveonenospc
  596. .PP
  597. Input: \f[B]true\f[] and \f[B]false\f[]
  598. .PP
  599. Ouput: \f[B]true\f[] or \f[B]false\f[]
  600. .SS categories / funcs
  601. .PP
  602. Input: short policy string as described elsewhere in this document
  603. .PP
  604. Output: the policy string except for categories where its funcs have
  605. multiple types.
  606. In that case it will be a comma separated list
  607. .SS Example
  608. .IP
  609. .nf
  610. \f[C]
  611. [trapexit:/tmp/mount]\ $\ xattr\ \-l\ .mergerfs
  612. user.mergerfs.srcmounts:\ /tmp/a:/tmp/b
  613. user.mergerfs.minfreespace:\ 4294967295
  614. user.mergerfs.moveonenospc:\ false
  615. \&...
  616. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.category.search\ .mergerfs
  617. ff
  618. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.category.search\ newest\ .mergerfs
  619. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.category.search\ .mergerfs
  620. newest
  621. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.srcmounts\ +/tmp/c\ .mergerfs
  622. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.srcmounts\ .mergerfs
  623. /tmp/a:/tmp/b:/tmp/c
  624. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.srcmounts\ =/tmp/c\ .mergerfs
  625. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.srcmounts\ .mergerfs
  626. /tmp/c
  627. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.srcmounts\ \[aq]+</tmp/a:/tmp/b\[aq]\ .mergerfs
  628. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.srcmounts\ .mergerfs
  629. /tmp/a:/tmp/b:/tmp/c
  630. \f[]
  631. .fi
  632. .SS file / directory xattrs
  633. .PP
  634. While they won\[aq]t show up when using
  635. listxattr (http://linux.die.net/man/2/listxattr) \f[B]mergerfs\f[]
  636. offers a number of special xattrs to query information about the files
  637. served.
  638. To access the values you will need to issue a
  639. getxattr (http://linux.die.net/man/2/getxattr) for one of the following:
  640. .IP \[bu] 2
  641. \f[B]user.mergerfs.basepath:\f[] the base mount point for the file given
  642. the current getattr policy
  643. .IP \[bu] 2
  644. \f[B]user.mergerfs.relpath:\f[] the relative path of the file from the
  645. perspective of the mount point
  646. .IP \[bu] 2
  647. \f[B]user.mergerfs.fullpath:\f[] the full path of the original file
  648. given the getattr policy
  649. .IP \[bu] 2
  650. \f[B]user.mergerfs.allpaths:\f[] a NUL (\[aq]\[aq]) separated list of
  651. full paths to all files found
  652. .IP
  653. .nf
  654. \f[C]
  655. [trapexit:/tmp/mount]\ $\ ls
  656. A\ B\ C
  657. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.fullpath\ A
  658. /mnt/a/full/path/to/A
  659. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.basepath\ A
  660. /mnt/a
  661. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.relpath\ A
  662. /full/path/to/A
  663. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.allpaths\ A\ |\ tr\ \[aq]\\0\[aq]\ \[aq]\\n\[aq]
  664. /mnt/a/full/path/to/A
  665. /mnt/b/full/path/to/A
  666. \f[]
  667. .fi
  668. .SH TOOLING
  669. .IP \[bu] 2
  670. https://github.com/trapexit/mergerfs\-tools
  671. .IP \[bu] 2
  672. mergerfs.ctl: A tool to make it easier to query and configure mergerfs
  673. at runtime
  674. .IP \[bu] 2
  675. mergerfs.fsck: Provides permissions and ownership auditing and the
  676. ability to fix them
  677. .IP \[bu] 2
  678. mergerfs.dedup: Will help identify and optionally remove duplicate files
  679. .IP \[bu] 2
  680. mergerfs.mktrash: Creates FreeDesktop.org Trash specification compatible
  681. directories on a mergerfs mount
  682. .IP \[bu] 2
  683. https://github.com/trapexit/scorch
  684. .IP \[bu] 2
  685. scorch: A tool to help discover silent corruption of files
  686. .SH TIPS / NOTES
  687. .IP \[bu] 2
  688. Run mergerfs as \f[C]root\f[] unless you\[aq]re merging paths which are
  689. owned by the same user otherwise strange permission issues may arise.
  690. .IP \[bu] 2
  691. https://github.com/trapexit/backup\-and\-recovery\-howtos : A set of
  692. guides / howtos on creating a data storage system, backing it up,
  693. maintaining it, and recovering from failure.
  694. .IP \[bu] 2
  695. If you don\[aq]t see some directories / files you expect in a merged
  696. point be sure the user has permission to all the underlying directories.
  697. If \f[C]/drive0/a\f[] has is owned by \f[C]root:root\f[] with ACLs set
  698. to \f[C]0700\f[] and \f[C]/drive1/a\f[] is \f[C]root:root\f[] and
  699. \f[C]0755\f[] you\[aq]ll see only \f[C]/drive1/a\f[].
  700. Use \f[C]mergerfs.fsck\f[] to audit the drive for out of sync
  701. permissions.
  702. .IP \[bu] 2
  703. Do \f[I]not\f[] use \f[C]direct_io\f[] if you expect applications (such
  704. as rtorrent) to mmap (http://linux.die.net/man/2/mmap) files.
  705. It is not currently supported in FUSE w/ \f[C]direct_io\f[] enabled.
  706. .IP \[bu] 2
  707. Since POSIX gives you only error or success on calls its difficult to
  708. determine the proper behavior when applying the behavior to multiple
  709. targets.
  710. \f[B]mergerfs\f[] will return an error only if all attempts of an action
  711. fail.
  712. Any success will lead to a success returned.
  713. .IP \[bu] 2
  714. The recommended options are \f[B]defaults,allow_other\f[].
  715. The \f[B]allow_other\f[] is to allow users who are not the one which
  716. executed mergerfs access to the mountpoint.
  717. \f[B]defaults\f[] is described above and should offer the best
  718. performance.
  719. It\[aq]s possible that if you\[aq]re running on an older platform the
  720. \f[B]splice\f[] features aren\[aq]t available and could error.
  721. In that case simply use the other options manually.
  722. .IP \[bu] 2
  723. If write performance is valued more than read it may be useful to enable
  724. \f[B]direct_io\f[].
  725. Best to benchmark with and without and choose appropriately.
  726. .IP \[bu] 2
  727. Remember: some policies mixed with some functions may result in strange
  728. behaviors.
  729. Not that some of these behaviors and race conditions couldn\[aq]t happen
  730. outside \f[B]mergerfs\f[] but that they are far more likely to occur on
  731. account of attempt to merge together multiple sources of data which
  732. could be out of sync due to the different policies.
  733. .IP \[bu] 2
  734. An example: Kodi (http://kodi.tv) and Plex (http://plex.tv) can use
  735. directory mtime (http://linux.die.net/man/2/stat) to more efficiently
  736. determine whether to scan for new content rather than simply performing
  737. a full scan.
  738. If using the current default \f[B]getattr\f[] policy of \f[B]ff\f[] its
  739. possible \f[B]Kodi\f[] will miss an update on account of it returning
  740. the first directory found\[aq]s \f[B]stat\f[] info and its a later
  741. directory on another mount which had the \f[B]mtime\f[] recently
  742. updated.
  743. To fix this you will want to set \f[B]func.getattr=newest\f[].
  744. Remember though that this is just \f[B]stat\f[].
  745. If the file is later \f[B]open\f[]\[aq]ed or \f[B]unlink\f[]\[aq]ed and
  746. the policy is different for those then a completely different file or
  747. directory could be acted on.
  748. .IP \[bu] 2
  749. Due to previously mentioned issues its generally best to set
  750. \f[B]category\f[] wide policies rather than individual
  751. \f[B]func\f[]\[aq]s.
  752. This will help limit the confusion of tools such as
  753. rsync (http://linux.die.net/man/1/rsync).
  754. .SH KNOWN ISSUES / BUGS
  755. .SS rtorrent fails with ENODEV (No such device)
  756. .PP
  757. Be sure to turn off \f[C]direct_io\f[].
  758. rtorrent and some other applications use
  759. mmap (http://linux.die.net/man/2/mmap) to read and write to files and
  760. offer no failback to traditional methods.
  761. FUSE does not currently support mmap while using \f[C]direct_io\f[].
  762. There will be a performance penalty on writes with \f[C]direct_io\f[]
  763. off but it\[aq]s the only way to get such applications to work.
  764. If the performance loss is too high for other apps you can mount
  765. mergerfs twice.
  766. Once with \f[C]direct_io\f[] enabled and one without it.
  767. .SS mmap performance is really bad
  768. .PP
  769. There is a bug (https://lkml.org/lkml/2016/3/16/260) in caching which
  770. affects overall performance of mmap through FUSE in Linux 4.x kernels.
  771. It is fixed in 4.4.10 and 4.5.4 (https://lkml.org/lkml/2016/5/11/59).
  772. .SS Trashing files occasionally fails
  773. .PP
  774. This is the same issue as with Samba.
  775. \f[C]rename\f[] returns \f[C]EXDEV\f[] (in our case that will really
  776. only happen with path preserving policies like \f[C]epmfs\f[]) and the
  777. software doesn\[aq]t handle the situtation well.
  778. This is unfortunately a common failure of software which moves files
  779. around.
  780. The standard indicates that an implementation \f[C]MAY\f[] choose to
  781. support non\-user home directory trashing of files (which is a
  782. \f[C]MUST\f[]).
  783. The implementation \f[C]MAY\f[] also support "top directory trashes"
  784. which many probably do.
  785. .PP
  786. To create a \f[C]$topdir/.Trash\f[] directory as defined in the standard
  787. use the mergerfs\-tools (https://github.com/trapexit/mergerfs-tools)
  788. tool \f[C]mergerfs.mktrash\f[].
  789. .SS Samba: Moving files / directories fails
  790. .PP
  791. Workaround: Copy the file/directory and then remove the original rather
  792. than move.
  793. .PP
  794. This isn\[aq]t an issue with Samba but some SMB clients.
  795. GVFS\-fuse v1.20.3 and prior (found in Ubuntu 14.04 among others) failed
  796. to handle certain error codes correctly.
  797. Particularly \f[B]STATUS_NOT_SAME_DEVICE\f[] which comes from the
  798. \f[B]EXDEV\f[] which is returned by \f[B]rename\f[] when the call is
  799. crossing mount points.
  800. When a program gets an \f[B]EXDEV\f[] it needs to explicitly take an
  801. alternate action to accomplish it\[aq]s goal.
  802. In the case of \f[B]mv\f[] or similar it tries \f[B]rename\f[] and on
  803. \f[B]EXDEV\f[] falls back to a manual copying of data between the two
  804. locations and unlinking the source.
  805. In these older versions of GVFS\-fuse if it received \f[B]EXDEV\f[] it
  806. would translate that into \f[B]EIO\f[].
  807. This would cause \f[B]mv\f[] or most any application attempting to move
  808. files around on that SMB share to fail with a IO error.
  809. .PP
  810. GVFS\-fuse v1.22.0 (https://bugzilla.gnome.org/show_bug.cgi?id=734568)
  811. and above fixed this issue but a large number of systems use the older
  812. release.
  813. On Ubuntu the version can be checked by issuing
  814. \f[C]apt\-cache\ showpkg\ gvfs\-fuse\f[].
  815. Most distros released in 2015 seem to have the updated release and will
  816. work fine but older systems may not.
  817. Upgrading gvfs\-fuse or the distro in general will address the problem.
  818. .PP
  819. In Apple\[aq]s MacOSX 10.9 they replaced Samba (client and server) with
  820. their own product.
  821. It appears their new client does not handle \f[B]EXDEV\f[] either and
  822. responds similar to older release of gvfs on Linux.
  823. .SS Supplemental user groups
  824. .PP
  825. Due to the overhead of
  826. getgroups/setgroups (http://linux.die.net/man/2/setgroups) mergerfs
  827. utilizes a cache.
  828. This cache is opportunistic and per thread.
  829. Each thread will query the supplemental groups for a user when that
  830. particular thread needs to change credentials and will keep that data
  831. for the lifetime of the thread.
  832. This means that if a user is added to a group it may not be picked up
  833. without the restart of mergerfs.
  834. However, since the high level FUSE API\[aq]s (at least the standard
  835. version) thread pool dynamically grows and shrinks it\[aq]s possible
  836. that over time a thread will be killed and later a new thread with no
  837. cache will start and query the new data.
  838. .PP
  839. The gid cache uses fixed storage to simplify the design and be
  840. compatible with older systems which may not have C++11 compilers.
  841. There is enough storage for 256 users\[aq] supplemental groups.
  842. Each user is allowed upto 32 supplemental groups.
  843. Linux >= 2.6.3 allows upto 65535 groups per user but most other *nixs
  844. allow far less.
  845. NFS allowing only 16.
  846. The system does handle overflow gracefully.
  847. If the user has more than 32 supplemental groups only the first 32 will
  848. be used.
  849. If more than 256 users are using the system when an uncached user is
  850. found it will evict an existing user\[aq]s cache at random.
  851. So long as there aren\[aq]t more than 256 active users this should be
  852. fine.
  853. If either value is too low for your needs you will have to modify
  854. \f[C]gidcache.hpp\f[] to increase the values.
  855. Note that doing so will increase the memory needed by each thread.
  856. .SS mergerfs or libfuse crashing
  857. .PP
  858. If suddenly the mergerfs mount point disappears and
  859. \f[C]Transport\ endpoint\ is\ not\ connected\f[] is returned when
  860. attempting to perform actions within the mount directory \f[B]and\f[]
  861. the version of libfuse (use \f[C]mergerfs\ \-v\f[] to find the version)
  862. is older than \f[C]2.9.4\f[] its likely due to a bug in libfuse.
  863. Affected versions of libfuse can be found in Debian Wheezy, Ubuntu
  864. Precise and others.
  865. .PP
  866. In order to fix this please install newer versions of libfuse.
  867. If using a Debian based distro (Debian,Ubuntu,Mint) you can likely just
  868. install newer versions of
  869. libfuse (https://packages.debian.org/unstable/libfuse2) and
  870. fuse (https://packages.debian.org/unstable/fuse) from the repo of a
  871. newer release.
  872. .SS mergerfs under heavy load and memory preasure leads to kernel panic
  873. .PP
  874. https://lkml.org/lkml/2016/9/14/527
  875. .IP
  876. .nf
  877. \f[C]
  878. [25192.515454]\ kernel\ BUG\ at\ /build/linux\-a2WvEb/linux\-4.4.0/mm/workingset.c:346!
  879. [25192.517521]\ invalid\ opcode:\ 0000\ [#1]\ SMP
  880. [25192.519602]\ Modules\ linked\ in:\ netconsole\ ip6t_REJECT\ nf_reject_ipv6\ ipt_REJECT\ nf_reject_ipv4\ configfs\ binfmt_misc\ veth\ bridge\ stp\ llc\ nf_conntrack_ipv6\ nf_defrag_ipv6\ xt_conntrack\ ip6table_filter\ ip6_tables\ xt_multiport\ iptable_filter\ ipt_MASQUERADE\ nf_nat_masquerade_ipv4\ xt_comment\ xt_nat\ iptable_nat\ nf_conntrack_ipv4\ nf_defrag_ipv4\ nf_nat_ipv4\ nf_nat\ nf_conntrack\ xt_CHECKSUM\ xt_tcpudp\ iptable_mangle\ ip_tables\ x_tables\ intel_rapl\ x86_pkg_temp_thermal\ intel_powerclamp\ eeepc_wmi\ asus_wmi\ coretemp\ sparse_keymap\ kvm_intel\ ppdev\ kvm\ irqbypass\ mei_me\ 8250_fintek\ input_leds\ serio_raw\ parport_pc\ tpm_infineon\ mei\ shpchp\ mac_hid\ parport\ lpc_ich\ autofs4\ drbg\ ansi_cprng\ dm_crypt\ algif_skcipher\ af_alg\ btrfs\ raid456\ async_raid6_recov\ async_memcpy\ async_pq\ async_xor\ async_tx\ xor\ raid6_pq\ libcrc32c\ raid0\ multipath\ linear\ raid10\ raid1\ i915\ crct10dif_pclmul\ crc32_pclmul\ aesni_intel\ i2c_algo_bit\ aes_x86_64\ drm_kms_helper\ lrw\ gf128mul\ glue_helper\ ablk_helper\ syscopyarea\ cryptd\ sysfillrect\ sysimgblt\ fb_sys_fops\ drm\ ahci\ r8169\ libahci\ mii\ wmi\ fjes\ video\ [last\ unloaded:\ netconsole]
  881. [25192.540910]\ CPU:\ 2\ PID:\ 63\ Comm:\ kswapd0\ Not\ tainted\ 4.4.0\-36\-generic\ #55\-Ubuntu
  882. [25192.543411]\ Hardware\ name:\ System\ manufacturer\ System\ Product\ Name/P8H67\-M\ PRO,\ BIOS\ 3904\ 04/27/2013
  883. [25192.545840]\ task:\ ffff88040cae6040\ ti:\ ffff880407488000\ task.ti:\ ffff880407488000
  884. [25192.548277]\ RIP:\ 0010:[<ffffffff811ba501>]\ \ [<ffffffff811ba501>]\ shadow_lru_isolate+0x181/0x190
  885. [25192.550706]\ RSP:\ 0018:ffff88040748bbe0\ \ EFLAGS:\ 00010002
  886. [25192.553127]\ RAX:\ 0000000000001c81\ RBX:\ ffff8802f91ee928\ RCX:\ ffff8802f91eeb38
  887. [25192.555544]\ RDX:\ ffff8802f91ee938\ RSI:\ ffff8802f91ee928\ RDI:\ ffff8804099ba2c0
  888. [25192.557914]\ RBP:\ ffff88040748bc08\ R08:\ 000000000001a7b6\ R09:\ 000000000000003f
  889. [25192.560237]\ R10:\ 000000000001a750\ R11:\ 0000000000000000\ R12:\ ffff8804099ba2c0
  890. [25192.562512]\ R13:\ ffff8803157e9680\ R14:\ ffff8803157e9668\ R15:\ ffff8804099ba2c8
  891. [25192.564724]\ FS:\ \ 0000000000000000(0000)\ GS:ffff88041f280000(0000)\ knlGS:0000000000000000
  892. [25192.566990]\ CS:\ \ 0010\ DS:\ 0000\ ES:\ 0000\ CR0:\ 0000000080050033
  893. [25192.569201]\ CR2:\ 00007ffabb690000\ CR3:\ 0000000001e0a000\ CR4:\ 00000000000406e0
  894. [25192.571419]\ Stack:
  895. [25192.573550]\ \ ffff8804099ba2c0\ ffff88039e4f86f0\ ffff8802f91ee928\ ffff8804099ba2c8
  896. [25192.575695]\ \ ffff88040748bd08\ ffff88040748bc58\ ffffffff811b99bf\ 0000000000000052
  897. [25192.577814]\ \ 0000000000000000\ ffffffff811ba380\ 000000000000008a\ 0000000000000080
  898. [25192.579947]\ Call\ Trace:
  899. [25192.582022]\ \ [<ffffffff811b99bf>]\ __list_lru_walk_one.isra.3+0x8f/0x130
  900. [25192.584137]\ \ [<ffffffff811ba380>]\ ?\ memcg_drain_all_list_lrus+0x190/0x190
  901. [25192.586165]\ \ [<ffffffff811b9a83>]\ list_lru_walk_one+0x23/0x30
  902. [25192.588145]\ \ [<ffffffff811ba544>]\ scan_shadow_nodes+0x34/0x50
  903. [25192.590074]\ \ [<ffffffff811a0e9d>]\ shrink_slab.part.40+0x1ed/0x3d0
  904. [25192.591985]\ \ [<ffffffff811a53da>]\ shrink_zone+0x2ca/0x2e0
  905. [25192.593863]\ \ [<ffffffff811a64ce>]\ kswapd+0x51e/0x990
  906. [25192.595737]\ \ [<ffffffff811a5fb0>]\ ?\ mem_cgroup_shrink_node_zone+0x1c0/0x1c0
  907. [25192.597613]\ \ [<ffffffff810a0808>]\ kthread+0xd8/0xf0
  908. [25192.599495]\ \ [<ffffffff810a0730>]\ ?\ kthread_create_on_node+0x1e0/0x1e0
  909. [25192.601335]\ \ [<ffffffff8182e34f>]\ ret_from_fork+0x3f/0x70
  910. [25192.603193]\ \ [<ffffffff810a0730>]\ ?\ kthread_create_on_node+0x1e0/0x1e0
  911. \f[]
  912. .fi
  913. .PP
  914. There is a bug in the kernel.
  915. A work around appears to be turning off \f[C]splice\f[].
  916. Add \f[C]no_splice_write,no_splice_move,no_splice_read\f[] to
  917. mergerfs\[aq] options.
  918. Should be placed after \f[C]defaults\f[] if it is used since it will
  919. turn them on.
  920. .SH FAQ
  921. .SS Why use mergerfs over mhddfs?
  922. .PP
  923. mhddfs is no longer maintained and has some known stability and security
  924. issues (see below).
  925. MergerFS provides a superset of mhddfs\[aq] features and should offer
  926. the same or maybe better performance.
  927. .SS Why use mergerfs over aufs?
  928. .PP
  929. While aufs can offer better peak performance mergerfs offers more
  930. configurability and is generally easier to use.
  931. mergerfs however doesn\[aq]t offer the same overlay features (which
  932. tends to result in whiteout files being left around the underlying
  933. filesystems.)
  934. .SS Why use mergerfs over LVM/ZFS/BTRFS/RAID0 drive concatenation /
  935. striping?
  936. .PP
  937. With simple JBOD / drive concatenation / stripping / RAID0 a single
  938. drive failure will lead to full pool failure.
  939. mergerfs performs a similar behavior without the catastrophic failure
  940. and general lack of recovery.
  941. Drives can fail and all other data will continue to be accessable.
  942. .PP
  943. When combined with something like SnapRaid (http://www.snapraid.it)
  944. and/or an offsite full backup solution you can have the flexibilty of
  945. JBOD without the single point of failure.
  946. .SS Can drives be written to directly? Outside of mergerfs while pooled?
  947. .PP
  948. Yes.
  949. It will be represented immediately in the pool as the policies would
  950. describe.
  951. .SS Why do I get an "out of space" error even though the system says
  952. there\[aq]s lots of space left?
  953. .PP
  954. Please reread the sections above about policies, path preserving, and
  955. the \f[B]moveonenospc\f[] option.
  956. If the policy is path preserving and a drive is almost full and the
  957. drive the policy would pick then the writing of the file may fill the
  958. drive and receive ENOSPC errors.
  959. That is expected with those settings.
  960. If you don\[aq]t want that: enable \f[B]moveonenospc\f[] and don\[aq]t
  961. use a path preserving policy.
  962. .SS How are inodes calculated?
  963. .PP
  964. mergerfs\-inode = (original\-inode | (device\-id << 32))
  965. .PP
  966. While \f[C]ino_t\f[] is 64 bits few filesystems use more than 32.
  967. Similarly, while \f[C]dev_t\f[] is also 64 bits it was traditionally 16
  968. bits.
  969. Bitwise or\[aq]ing them together should work most of the time.
  970. Should it cause a problem in the future the values could be hashed
  971. instead.
  972. .SS It\[aq]s mentioned that there are some security issues with mhddfs.
  973. What are they? How does mergerfs address them?
  974. .PP
  975. mhddfs (https://github.com/trapexit/mhddfs) tries to handle being run as
  976. \f[B]root\f[] by calling
  977. getuid() (https://github.com/trapexit/mhddfs/blob/cae96e6251dd91e2bdc24800b4a18a74044f6672/src/main.c#L319)
  978. and if it returns \f[B]0\f[] then it will
  979. chown (http://linux.die.net/man/1/chown) the file.
  980. Not only is that a race condition but it doesn\[aq]t handle many other
  981. situations.
  982. Rather than attempting to simulate POSIX ACL behaviors the proper
  983. behavior is to use seteuid (http://linux.die.net/man/2/seteuid) and
  984. setegid (http://linux.die.net/man/2/setegid), become the user making the
  985. original call and perform the action as them.
  986. This is how mergerfs (https://github.com/trapexit/mergerfs) handles
  987. things.
  988. .PP
  989. If you are familiar with POSIX standards you\[aq]ll know that this
  990. behavior poses a problem.
  991. \f[B]seteuid\f[] and \f[B]setegid\f[] affect the whole process and
  992. \f[B]libfuse\f[] is multithreaded by default.
  993. We\[aq]d need to lock access to \f[B]seteuid\f[] and \f[B]setegid\f[]
  994. with a mutex so that the several threads aren\[aq]t stepping on one
  995. anofther and files end up with weird permissions and ownership.
  996. This however wouldn\[aq]t scale well.
  997. With lots of calls the contention on that mutex would be extremely high.
  998. Thankfully on Linux and OSX we have a better solution.
  999. .PP
  1000. OSX has a non\-portable pthread
  1001. extension (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man2/pthread_setugid_np.2.html)
  1002. for per\-thread user and group impersonation.
  1003. .PP
  1004. Linux does not support
  1005. pthread_setugid_np (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man2/pthread_setugid_np.2.html)
  1006. but user and group IDs are a per\-thread attribute though documentation
  1007. on that fact or how to manipulate them is not well distributed.
  1008. From the \f[B]4.00\f[] release of the Linux man\-pages project for
  1009. setuid (http://man7.org/linux/man-pages/man2/setuid.2.html).
  1010. .RS
  1011. .PP
  1012. At the kernel level, user IDs and group IDs are a per\-thread attribute.
  1013. However, POSIX requires that all threads in a process share the same
  1014. credentials.
  1015. The NPTL threading implementation handles the POSIX requirements by
  1016. providing wrapper functions for the various system calls that change
  1017. process UIDs and GIDs.
  1018. These wrapper functions (including the one for setuid()) employ a
  1019. signal\-based technique to ensure that when one thread changes
  1020. credentials, all of the other threads in the process also change their
  1021. credentials.
  1022. For details, see nptl(7).
  1023. .RE
  1024. .PP
  1025. Turns out the setreuid syscalls apply only to the thread.
  1026. GLIBC hides this away using RT signals to inform all threads to change
  1027. credentials.
  1028. Taking after \f[B]Samba\f[] mergerfs uses
  1029. \f[B]syscall(SYS_setreuid,...)\f[] to set the callers credentials for
  1030. that thread only.
  1031. Jumping back to \f[B]root\f[] as necessary should escalated privileges
  1032. be needed (for instance: to clone paths).
  1033. .PP
  1034. For non\-Linux systems mergerfs uses a read\-write lock and changes
  1035. credentials only when necessary.
  1036. If multiple threads are to be user X then only the first one will need
  1037. to change the processes credentials.
  1038. So long as the other threads need to be user X they will take a readlock
  1039. allow multiple threads to share the credentials.
  1040. Once a request comes in to run as user Y that thread will attempt a
  1041. write lock and change to Y\[aq]s credentials when it can.
  1042. If the ability to give writers priority is supported then that flag will
  1043. be used so threads trying to change credentials don\[aq]t starve.
  1044. This isn\[aq]t the best solution but should work reasonably well.
  1045. As new platforms are supported if they offer per thread credentials
  1046. those APIs will be adopted.
  1047. .SH SUPPORT
  1048. .SS Issues with the software
  1049. .IP \[bu] 2
  1050. github.com: https://github.com/trapexit/mergerfs/issues
  1051. .IP \[bu] 2
  1052. email: trapexit\@spawn.link
  1053. .SS Support development
  1054. .IP \[bu] 2
  1055. Gratipay: https://gratipay.com/~trapexit
  1056. .IP \[bu] 2
  1057. BitCoin: 12CdMhEPQVmjz3SSynkAEuD5q9JmhTDCZA
  1058. .SH LINKS
  1059. .IP \[bu] 2
  1060. http://github.com/trapexit/mergerfs
  1061. .IP \[bu] 2
  1062. http://github.com/trapexit/mergerfs\-tools
  1063. .IP \[bu] 2
  1064. http://github.com/trapexit/scorch
  1065. .IP \[bu] 2
  1066. http://github.com/trapexit/backup\-and\-recovery\-howtos
  1067. .SH AUTHORS
  1068. Antonio SJ Musumeci <trapexit@spawn.link>.