You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

862 lines
28 KiB

9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
  1. .\"t
  2. .TH "mergerfs" "1" "2016\-02\-21" "mergerfs user manual" ""
  3. .SH NAME
  4. .PP
  5. mergerfs \- another (FUSE based) union filesystem
  6. .SH SYNOPSIS
  7. .PP
  8. mergerfs \-o<options> <srcmounts> <mountpoint>
  9. .SH DESCRIPTION
  10. .PP
  11. \f[B]mergerfs\f[] is a union filesystem geared towards simplifing
  12. storage and management of files across numerous commodity storage
  13. devices.
  14. It is similar to \f[B]mhddfs\f[], \f[B]unionfs\f[], and \f[B]aufs\f[].
  15. .SH FEATURES
  16. .IP \[bu] 2
  17. Runs in userspace (FUSE)
  18. .IP \[bu] 2
  19. Configurable behaviors
  20. .IP \[bu] 2
  21. Support for extended attributes (xattrs)
  22. .IP \[bu] 2
  23. Support for file attributes (chattr)
  24. .IP \[bu] 2
  25. Runtime configurable (via xattrs)
  26. .IP \[bu] 2
  27. Safe to run as root
  28. .IP \[bu] 2
  29. Opportunistic credential caching
  30. .IP \[bu] 2
  31. Works with heterogeneous filesystem types
  32. .IP \[bu] 2
  33. Handling of writes to full drives
  34. .IP \[bu] 2
  35. Handles pool of readonly and read/write drives
  36. .SH OPTIONS
  37. .SS options
  38. .IP \[bu] 2
  39. \f[B]defaults\f[]: a shortcut for FUSE\[aq]s \f[B]atomic_o_trunc\f[],
  40. \f[B]auto_cache\f[], \f[B]big_writes\f[], \f[B]default_permissions\f[],
  41. \f[B]splice_move\f[], \f[B]splice_read\f[], and \f[B]splice_write\f[].
  42. These options seem to provide the best performance.
  43. .IP \[bu] 2
  44. \f[B]direct_io\f[]: causes FUSE to bypass an addition caching step which
  45. can increase write speeds at the detriment of read speed.
  46. .IP \[bu] 2
  47. \f[B]minfreespace\f[]: the minimum space value used for creation
  48. policies.
  49. Understands \[aq]K\[aq], \[aq]M\[aq], and \[aq]G\[aq] to represent
  50. kilobyte, megabyte, and gigabyte respectively.
  51. (default: 4G)
  52. .IP \[bu] 2
  53. \f[B]moveonenospc\f[]: when enabled (set to \f[B]true\f[]) if a
  54. \f[B]write\f[] fails with \f[B]ENOSPC\f[] a scan of all drives will be
  55. done looking for the drive with most free space which is at least the
  56. size of the file plus the amount which failed to write.
  57. An attempt to move the file to that drive will occur (keeping all
  58. metadata possible) and if successful the original is unlinked and the
  59. write retried.
  60. (default: false)
  61. .IP \[bu] 2
  62. \f[B]func.<func>=<policy>\f[]: sets the specific FUSE function\[aq]s
  63. policy.
  64. See below for the list of value types.
  65. Example: \f[B]func.getattr=newest\f[]
  66. .IP \[bu] 2
  67. \f[B]category.<category>=<policy>\f[]: Sets policy of all FUSE functions
  68. in the provided category.
  69. Example: \f[B]category.create=mfs\f[]
  70. .PP
  71. \f[B]NOTE:\f[] Options are evaluated in the order listed so if the
  72. options are \f[B]func.rmdir=rand,category.action=ff\f[] the
  73. \f[B]action\f[] category setting will override the \f[B]rmdir\f[]
  74. setting.
  75. .SS srcmounts
  76. .PP
  77. The source mounts argument is a colon (\[aq]:\[aq]) delimited list of
  78. paths.
  79. To make it simpler to include multiple source mounts without having to
  80. modify your fstab (http://linux.die.net/man/5/fstab) we also support
  81. globbing (http://linux.die.net/man/7/glob).
  82. \f[B]The globbing tokens MUST be escaped when using via the shell else
  83. the shell itself will probably expand it.\f[]
  84. .IP
  85. .nf
  86. \f[C]
  87. $\ mergerfs\ /mnt/disk\\*:/mnt/cdrom\ /media/drives
  88. \f[]
  89. .fi
  90. .PP
  91. The above line will use all mount points in /mnt prefixed with
  92. \f[I]disk\f[] and the directory \f[I]cdrom\f[].
  93. .PP
  94. In /etc/fstab it\[aq]d look like the following:
  95. .IP
  96. .nf
  97. \f[C]
  98. #\ <file\ system>\ \ \ \ \ \ \ \ <mount\ point>\ \ <type>\ \ \ \ \ \ \ \ \ <options>\ \ \ \ \ \ \ \ \ \ \ \ \ <dump>\ \ <pass>
  99. /mnt/disk*:/mnt/cdrom\ \ /media/drives\ \ fuse.mergerfs\ \ defaults,allow_other\ \ 0\ \ \ \ \ \ \ 0
  100. \f[]
  101. .fi
  102. .PP
  103. \f[B]NOTE:\f[] the globbing is done at mount or xattr update time.
  104. If a new directory is added matching the glob after the fact it will not
  105. be included.
  106. .SH FUNCTIONS / POLICIES / CATEGORIES
  107. .PP
  108. The filesystem has a number of functions.
  109. Those functions are grouped into 3 categories: \f[B]action\f[],
  110. \f[B]create\f[], \f[B]search\f[].
  111. These functions and categories can be assigned a policy which dictates
  112. how \f[B]mergerfs\f[] behaves.
  113. Any policy can be assigned to a function or category though some are not
  114. very practical.
  115. For instance: \f[B]rand\f[] (Random) may be useful for file creation
  116. (create) but could lead to very odd behavior if used for \f[C]chmod\f[].
  117. .PP
  118. All policies when used to create will ignore drives which are mounted
  119. readonly.
  120. This allows for read/write and readonly drives to be mixed together.
  121. .SS Function / Category classifications
  122. .PP
  123. .TS
  124. tab(@);
  125. l l.
  126. T{
  127. Category
  128. T}@T{
  129. FUSE Functions
  130. T}
  131. _
  132. T{
  133. action
  134. T}@T{
  135. chmod, chown, link, removexattr, rename, rmdir, setxattr, truncate,
  136. unlink, utimens
  137. T}
  138. T{
  139. create
  140. T}@T{
  141. create, mkdir, mknod, symlink
  142. T}
  143. T{
  144. search
  145. T}@T{
  146. access, getattr, getxattr, ioctl, listxattr, open, readlink
  147. T}
  148. T{
  149. N/A
  150. T}@T{
  151. fallocate, fgetattr, fsync, ftruncate, ioctl, read, readdir, release,
  152. statfs, write
  153. T}
  154. .TE
  155. .PP
  156. Due to FUSE limitations \f[B]ioctl\f[] behaves differently if its acting
  157. on a directory.
  158. It\[aq]ll use the \f[B]getattr\f[] policy to find and open the directory
  159. before issuing the \f[B]ioctl\f[].
  160. In other cases where something may be searched (to confirm a directory
  161. exists across all source mounts) then \f[B]getattr\f[] will be used.
  162. .SS Policy descriptions
  163. .PP
  164. Most policies when called to create will filter out drives which are
  165. readonly or have less than \f[B]minfreespace\f[].
  166. .PP
  167. .TS
  168. tab(@);
  169. l l.
  170. T{
  171. Policy
  172. T}@T{
  173. Description
  174. T}
  175. _
  176. T{
  177. all
  178. T}@T{
  179. Search category: acts like \f[B]ff\f[].
  180. Action category: apply to all found.
  181. Create category: for \f[B]mkdir\f[], \f[B]mknod\f[], and
  182. \f[B]symlink\f[] perform on all read/write drives with
  183. \f[B]minfreespace\f[].
  184. \f[B]create\f[] filters the same way but acts like \f[B]ff\f[].
  185. T}
  186. T{
  187. eplfs (existing path, least free space)
  188. T}@T{
  189. If the path exists on multiple drives use the one with the least free
  190. space.
  191. Falls back to \f[B]lfs\f[].
  192. T}
  193. T{
  194. epmfs (existing path, most free space)
  195. T}@T{
  196. If the path exists on multiple drives use the one with the most free
  197. space.
  198. Falls back to \f[B]mfs\f[].
  199. T}
  200. T{
  201. erofs
  202. T}@T{
  203. Exclusively return \f[B]\-1\f[] with \f[B]errno\f[] set to
  204. \f[B]EROFS\f[].
  205. By setting \f[B]create\f[] functions to this you can in effect turn the
  206. filesystem readonly.
  207. T}
  208. T{
  209. ff (first found)
  210. T}@T{
  211. Given the order of the drives, as defined at mount time or when
  212. configured via xattr interface, act on the first one found.
  213. T}
  214. T{
  215. lfs (least free space)
  216. T}@T{
  217. Pick the drive with the least available free space but more than
  218. \f[B]minfreespace\f[].
  219. Falls back to \f[B]mfs\f[].
  220. T}
  221. T{
  222. mfs (most free space)
  223. T}@T{
  224. Use the drive with the most available free space.
  225. Falls back to \f[B]ff\f[].
  226. T}
  227. T{
  228. newest (newest file)
  229. T}@T{
  230. Pick the file / directory with the largest mtime.
  231. T}
  232. T{
  233. rand (random)
  234. T}@T{
  235. Calls \f[B]all\f[] and then randomizes.
  236. T}
  237. .TE
  238. .SS Defaults
  239. .PP
  240. .TS
  241. tab(@);
  242. l l.
  243. T{
  244. Category
  245. T}@T{
  246. Policy
  247. T}
  248. _
  249. T{
  250. action
  251. T}@T{
  252. all
  253. T}
  254. T{
  255. create
  256. T}@T{
  257. epmfs
  258. T}
  259. T{
  260. search
  261. T}@T{
  262. ff
  263. T}
  264. .TE
  265. .SS rename & link
  266. .PP
  267. rename (http://man7.org/linux/man-pages/man2/rename.2.html) is a tricky
  268. function in a merged system.
  269. Normally if a rename can\[aq]t be done atomically due to the source and
  270. destination paths existing on different mount points it will return
  271. \f[C]\-1\f[] with \f[C]errno\ =\ EXDEV\f[].
  272. The atomic rename is most critical for replacing files in place
  273. atomically (such as securing writing to a temp file and then replacing a
  274. target).
  275. The problem is that by merging multiple paths you can have N instances
  276. of the source and destinations on different drives.
  277. This can lead to several undesirable situtations with or without errors
  278. and it\[aq]s not entirely obvious what to do when an error occurs.
  279. .PP
  280. Originally mergerfs would return EXDEV whenever a rename was requested
  281. which was cross directory in any way.
  282. This made the code simple and was technically complient with POSIX
  283. requirements.
  284. However, many applications fail to handle EXDEV at all and treat it as a
  285. normal error or they only partially support EXDEV (don\[aq]t respond the
  286. same as \f[C]mv\f[] would).
  287. Such apps include: gvfsd\-fuse v1.20.3 and prior, Finder / CIFS/SMB
  288. client in Apple OSX 10.9+, NZBGet, Samba\[aq]s recycling bin feature.
  289. .IP \[bu] 2
  290. If using a \f[C]create\f[] policy which tries to preserve directory
  291. paths (epmfs,eplfs)
  292. .IP \[bu] 2
  293. Using the \f[C]rename\f[] policy get the list of files to rename
  294. .IP \[bu] 2
  295. For each file attempt rename:
  296. .RS 2
  297. .IP \[bu] 2
  298. If failure with ENOENT run \f[C]create\f[] policy
  299. .IP \[bu] 2
  300. If create policy returns the same drive as currently evaluating then
  301. clone the path
  302. .IP \[bu] 2
  303. Re\-attempt rename
  304. .RE
  305. .IP \[bu] 2
  306. If \f[B]any\f[] of the renames succeed the higher level rename is
  307. considered a success
  308. .IP \[bu] 2
  309. If \f[B]no\f[] renames succeed the first error encountered will be
  310. returned
  311. .IP \[bu] 2
  312. On success:
  313. .RS 2
  314. .IP \[bu] 2
  315. Remove the target from all drives with no source file
  316. .IP \[bu] 2
  317. Remove the source from all drives which failed to rename
  318. .RE
  319. .IP \[bu] 2
  320. If using a \f[C]create\f[] policy which does \f[B]not\f[] try to
  321. preserve directory paths
  322. .IP \[bu] 2
  323. Using the \f[C]rename\f[] policy get the list of files to rename
  324. .IP \[bu] 2
  325. Using the \f[C]getattr\f[] policy get the target path
  326. .IP \[bu] 2
  327. For each file attempt rename:
  328. .RS 2
  329. .IP \[bu] 2
  330. If the source drive != target drive:
  331. .IP \[bu] 2
  332. Clone target path from target drive to source drive
  333. .IP \[bu] 2
  334. Rename
  335. .RE
  336. .IP \[bu] 2
  337. If \f[B]any\f[] of the renames succeed the higher level rename is
  338. considered a success
  339. .IP \[bu] 2
  340. If \f[B]no\f[] renames succeed the first error encountered will be
  341. returned
  342. .IP \[bu] 2
  343. On success:
  344. .RS 2
  345. .IP \[bu] 2
  346. Remove the target from all drives with no source file
  347. .IP \[bu] 2
  348. Remove the source from all drives which failed to rename
  349. .RE
  350. .PP
  351. The the removals are subject to normal entitlement checks.
  352. .PP
  353. The above behavior will help minimize the likelihood of EXDEV being
  354. returned but it will still be possible.
  355. To remove the possibility all together mergerfs would need to perform
  356. the as \f[C]mv\f[] does when it receives EXDEV normally.
  357. .PP
  358. \f[C]link\f[] uses the same basic strategy.
  359. .SS readdir
  360. .PP
  361. readdir (http://linux.die.net/man/3/readdir) is different from all other
  362. filesystem functions.
  363. It certainly could have it\[aq]s own set of policies to tweak its
  364. behavior.
  365. At this time it provides a simple \f[B]first found\f[] merging of
  366. directories and files found.
  367. That is: only the first file or directory found for a directory is
  368. returned.
  369. Given how FUSE works though the data representing the returned entry
  370. comes from \f[B]getattr\f[].
  371. .PP
  372. It could be extended to offer the ability to see all files found.
  373. Perhaps concatenating \f[B]#\f[] and a number to the name.
  374. But to really be useful you\[aq]d need to be able to access them which
  375. would complicate file lookup.
  376. .SS statvfs
  377. .PP
  378. statvfs (http://linux.die.net/man/2/statvfs) normalizes the source
  379. drives based on the fragment size and sums the number of adjusted blocks
  380. and inodes.
  381. This means you will see the combined space of all sources.
  382. Total, used, and free.
  383. The sources however are dedupped based on the drive so multiple sources
  384. on the same drive will not result in double counting it\[aq]s space.
  385. .SH BUILDING
  386. .PP
  387. \f[B]NOTE:\f[] Prebuilt packages can be found at:
  388. https://github.com/trapexit/mergerfs/releases
  389. .PP
  390. First get the code from github (http://github.com/trapexit/mergerfs).
  391. .IP
  392. .nf
  393. \f[C]
  394. $\ git\ clone\ https://github.com/trapexit/mergerfs.git
  395. $\ #\ or
  396. $\ wget\ https://github.com/trapexit/mergerfs/archive/master.zip
  397. \f[]
  398. .fi
  399. .SS Debian / Ubuntu
  400. .IP
  401. .nf
  402. \f[C]
  403. $\ sudo\ apt\-get\ install\ g++\ pkg\-config\ git\ git\-buildpackage\ pandoc\ debhelper\ libfuse\-dev\ libattr1\-dev\ python
  404. $\ cd\ mergerfs
  405. $\ make\ deb
  406. $\ sudo\ dpkg\ \-i\ ../mergerfs_version_arch.deb
  407. \f[]
  408. .fi
  409. .SS Fedora
  410. .IP
  411. .nf
  412. \f[C]
  413. $\ su\ \-
  414. #\ dnf\ install\ rpm\-build\ fuse\-devel\ libattr\-devel\ pandoc\ gcc\-c++\ git\ make\ which\ python
  415. #\ cd\ mergerfs
  416. #\ make\ rpm
  417. #\ rpm\ \-i\ rpmbuild/RPMS/<arch>/mergerfs\-<verion>.<arch>.rpm
  418. \f[]
  419. .fi
  420. .SS Generically
  421. .PP
  422. Have git, python, pkg\-config, pandoc, libfuse, libattr1 installed.
  423. .IP
  424. .nf
  425. \f[C]
  426. $\ cd\ mergerfs
  427. $\ make
  428. $\ make\ man
  429. $\ sudo\ make\ install
  430. \f[]
  431. .fi
  432. .SH RUNTIME
  433. .SS \&.mergerfs pseudo file
  434. .IP
  435. .nf
  436. \f[C]
  437. <mountpoint>/.mergerfs
  438. \f[]
  439. .fi
  440. .PP
  441. There is a pseudo file available at the mount point which allows for the
  442. runtime modification of certain \f[B]mergerfs\f[] options.
  443. The file will not show up in \f[B]readdir\f[] but can be
  444. \f[B]stat\f[]\[aq]ed and manipulated via
  445. {list,get,set}xattrs (http://linux.die.net/man/2/listxattr) calls.
  446. .PP
  447. Even if xattrs are disabled the
  448. {list,get,set}xattrs (http://linux.die.net/man/2/listxattr) calls will
  449. still work.
  450. .SS Keys
  451. .PP
  452. Use \f[C]xattr\ \-l\ /mount/point/.mergerfs\f[] to see all supported
  453. keys.
  454. .SS user.mergerfs.srcmounts
  455. .PP
  456. For \f[B]user.mergerfs.srcmounts\f[] there are several instructions
  457. available for manipulating the list.
  458. The value provided is just as the value used at mount time.
  459. A colon (\[aq]:\[aq]) delimited list of full path globs.
  460. .PP
  461. .TS
  462. tab(@);
  463. l l.
  464. T{
  465. Instruction
  466. T}@T{
  467. Description
  468. T}
  469. _
  470. T{
  471. [list]
  472. T}@T{
  473. set
  474. T}
  475. T{
  476. +<[list]
  477. T}@T{
  478. prepend
  479. T}
  480. T{
  481. +>[list]
  482. T}@T{
  483. append
  484. T}
  485. T{
  486. \-[list]
  487. T}@T{
  488. remove all values provided
  489. T}
  490. T{
  491. \-<
  492. T}@T{
  493. remove first in list
  494. T}
  495. T{
  496. \->
  497. T}@T{
  498. remove last in list
  499. T}
  500. .TE
  501. .SS minfreespace
  502. .PP
  503. Input: interger with an optional multiplier suffix.
  504. \f[B]K\f[], \f[B]M\f[], or \f[B]G\f[].
  505. .PP
  506. Output: value in bytes
  507. .SS moveonenospc
  508. .PP
  509. Input: \f[B]true\f[] and \f[B]false\f[]
  510. .PP
  511. Ouput: \f[B]true\f[] or \f[B]false\f[]
  512. .SS categories / funcs
  513. .PP
  514. Input: short policy string as described elsewhere in this document
  515. .PP
  516. Output: the policy string except for categories where its funcs have
  517. multiple types.
  518. In that case it will be a comma separated list
  519. .SS Example
  520. .IP
  521. .nf
  522. \f[C]
  523. [trapexit:/tmp/mount]\ $\ xattr\ \-l\ .mergerfs
  524. user.mergerfs.srcmounts:\ /tmp/a:/tmp/b
  525. user.mergerfs.minfreespace:\ 4294967295
  526. user.mergerfs.moveonenospc:\ false
  527. \&...
  528. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.category.search\ .mergerfs
  529. ff
  530. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.category.search\ newest\ .mergerfs
  531. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.category.search\ .mergerfs
  532. newest
  533. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.srcmounts\ +/tmp/c\ .mergerfs
  534. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.srcmounts\ .mergerfs
  535. /tmp/a:/tmp/b:/tmp/c
  536. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.srcmounts\ =/tmp/c\ .mergerfs
  537. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.srcmounts\ .mergerfs
  538. /tmp/c
  539. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.srcmounts\ \[aq]+</tmp/a:/tmp/b\[aq]\ .mergerfs
  540. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.srcmounts\ .mergerfs
  541. /tmp/a:/tmp/b:/tmp/c
  542. \f[]
  543. .fi
  544. .SS mergerfs file xattrs
  545. .PP
  546. While they won\[aq]t show up when using
  547. listxattr (http://linux.die.net/man/2/listxattr) \f[B]mergerfs\f[]
  548. offers a number of special xattrs to query information about the files
  549. served.
  550. To access the values you will need to issue a
  551. getxattr (http://linux.die.net/man/2/getxattr) for one of the following:
  552. .IP \[bu] 2
  553. \f[B]user.mergerfs.basepath:\f[] the base mount point for the file given
  554. the current getattr policy
  555. .IP \[bu] 2
  556. \f[B]user.mergerfs.relpath:\f[] the relative path of the file from the
  557. perspective of the mount point
  558. .IP \[bu] 2
  559. \f[B]user.mergerfs.fullpath:\f[] the full path of the original file
  560. given the getattr policy
  561. .IP \[bu] 2
  562. \f[B]user.mergerfs.allpaths:\f[] a NUL (\[aq]\[aq]) separated list of
  563. full paths to all files found
  564. .IP
  565. .nf
  566. \f[C]
  567. [trapexit:/tmp/mount]\ $\ ls
  568. A\ B\ C
  569. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.fullpath\ A
  570. /mnt/a/full/path/to/A
  571. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.basepath\ A
  572. /mnt/a
  573. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.relpath\ A
  574. /full/path/to/A
  575. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.allpaths\ A\ |\ tr\ \[aq]\\0\[aq]\ \[aq]\\n\[aq]
  576. /mnt/a/full/path/to/A
  577. /mnt/b/full/path/to/A
  578. \f[]
  579. .fi
  580. .SH TOOLING
  581. .PP
  582. Find tooling to help with managing \f[C]mergerfs\f[] at:
  583. https://github.com/trapexit/mergerfs\-tools
  584. .IP \[bu] 2
  585. mergerfs.fsck: Provides permissions and ownership auditing and the
  586. ability to fix them
  587. .IP \[bu] 2
  588. mergerfs.mktrash: Creates FreeDesktop.org Trash specification compatible
  589. directories on a mergerfs mount
  590. .SH TIPS / NOTES
  591. .IP \[bu] 2
  592. Detailed guides to setting up a backup solution using mergerfs and other
  593. technologies: https://github.com/trapexit/backup\-and\-recovery\-howtos
  594. .IP \[bu] 2
  595. If you don\[aq]t see some directories / files you expect in a merged
  596. point be sure the user has permission to all the underlying directories.
  597. If \f[C]/drive0/a\f[] has is owned by \f[C]root:root\f[] with ACLs set
  598. to \f[C]0700\f[] and \f[C]/drive1/a\f[] is \f[C]root:root\f[] and
  599. \f[C]0755\f[] you\[aq]ll see only \f[C]/drive1/a\f[].
  600. Use \f[C]mergerfs.fsck\f[] to audit the drive for out of sync
  601. permissions.
  602. .IP \[bu] 2
  603. Since POSIX gives you only error or success on calls its difficult to
  604. determine the proper behavior when applying the behavior to multiple
  605. targets.
  606. \f[B]mergerfs\f[] will return an error only if all attempts of an action
  607. fail.
  608. Any success will lead to a success returned.
  609. .IP \[bu] 2
  610. The recommended options are \f[B]defaults,allow_other\f[].
  611. The \f[B]allow_other\f[] is to allow users who are not the one which
  612. executed mergerfs access to the mountpoint.
  613. \f[B]defaults\f[] is described above and should offer the best
  614. performance.
  615. It\[aq]s possible that if you\[aq]re running on an older platform the
  616. \f[B]splice\f[] features aren\[aq]t available and could error.
  617. In that case simply use the other options manually.
  618. .IP \[bu] 2
  619. If write performance is valued more than read it may be useful to enable
  620. \f[B]direct_io\f[].
  621. Best to benchmark with and without and choose appropriately.
  622. .IP \[bu] 2
  623. Remember: some policies mixed with some functions may result in strange
  624. behaviors.
  625. Not that some of these behaviors and race conditions couldn\[aq]t happen
  626. outside \f[B]mergerfs\f[] but that they are far more likely to occur on
  627. account of attempt to merge together multiple sources of data which
  628. could be out of sync due to the different policies.
  629. .IP \[bu] 2
  630. An example: Kodi (http://kodi.tv) and Plex (http://plex.tv) can use
  631. directory mtime (http://linux.die.net/man/2/stat) to more efficiently
  632. determine whether to scan for new content rather than simply performing
  633. a full scan.
  634. If using the current default \f[B]getattr\f[] policy of \f[B]ff\f[] its
  635. possible \f[B]Kodi\f[] will miss an update on account of it returning
  636. the first directory found\[aq]s \f[B]stat\f[] info and its a later
  637. directory on another mount which had the \f[B]mtime\f[] recently
  638. updated.
  639. To fix this you will want to set \f[B]func.getattr=newest\f[].
  640. Remember though that this is just \f[B]stat\f[].
  641. If the file is later \f[B]open\f[]\[aq]ed or \f[B]unlink\f[]\[aq]ed and
  642. the policy is different for those then a completely different file or
  643. directory could be acted on.
  644. .IP \[bu] 2
  645. Due to previously mentioned issues its generally best to set
  646. \f[B]category\f[] wide policies rather than individual
  647. \f[B]func\f[]\[aq]s.
  648. This will help limit the confusion of tools such as
  649. rsync (http://linux.die.net/man/1/rsync).
  650. .SH KNOWN ISSUES / BUGS
  651. .SS Trashing files occasionally fails
  652. .PP
  653. This is the same issue as with Samba.
  654. \f[C]rename\f[] returns \f[C]EXDEV\f[] (in our case that will really
  655. only happen with path preserving policies like \f[C]epmfs\f[]) and the
  656. software doesn\[aq]t handle the situtation well.
  657. This is unfortunately a common failure of software which moves files
  658. around.
  659. The standard indicates that an implementation \f[C]MAY\f[] choose to
  660. support non\-user home directory trashing of files (which is a
  661. \f[C]MUST\f[]).
  662. The implementation \f[C]MAY\f[] also support "top directory trashes"
  663. which many probably do.
  664. .PP
  665. To create a \f[C]$topdir/.Trash\f[] directory as defined in the standard
  666. use the mergerfs\-tools (https://github.com/trapexit/mergerfs-tools)
  667. tool \f[C]mergerfs.mktrash\f[].
  668. .SS Samba: Moving files / directories fails
  669. .PP
  670. Workaround: Copy the file/directory and then remove the original rather
  671. than move.
  672. .PP
  673. This isn\[aq]t an issue with Samba but some SMB clients.
  674. GVFS\-fuse v1.20.3 and prior (found in Ubuntu 14.04 among others) failed
  675. to handle certain error codes correctly.
  676. Particularly \f[B]STATUS_NOT_SAME_DEVICE\f[] which comes from the
  677. \f[B]EXDEV\f[] which is returned by \f[B]rename\f[] when the call is
  678. crossing mount points.
  679. When a program gets an \f[B]EXDEV\f[] it needs to explicitly take an
  680. alternate action to accomplish it\[aq]s goal.
  681. In the case of \f[B]mv\f[] or similar it tries \f[B]rename\f[] and on
  682. \f[B]EXDEV\f[] falls back to a manual copying of data between the two
  683. locations and unlinking the source.
  684. In these older versions of GVFS\-fuse if it received \f[B]EXDEV\f[] it
  685. would translate that into \f[B]EIO\f[].
  686. This would cause \f[B]mv\f[] or most any application attempting to move
  687. files around on that SMB share to fail with a IO error.
  688. .PP
  689. GVFS\-fuse v1.22.0 (https://bugzilla.gnome.org/show_bug.cgi?id=734568)
  690. and above fixed this issue but a large number of systems use the older
  691. release.
  692. On Ubuntu the version can be checked by issuing
  693. \f[C]apt\-cache\ showpkg\ gvfs\-fuse\f[].
  694. Most distros released in 2015 seem to have the updated release and will
  695. work fine but older systems may not.
  696. Upgrading gvfs\-fuse or the distro in general will address the problem.
  697. .PP
  698. In Apple\[aq]s MacOSX 10.9 they replaced Samba (client and server) with
  699. their own product.
  700. It appears their new client does not handle \f[B]EXDEV\f[] either and
  701. responds similar to older release of gvfs on Linux.
  702. .SS Supplemental user groups
  703. .PP
  704. Due to the overhead of
  705. getgroups/setgroups (http://linux.die.net/man/2/setgroups) mergerfs
  706. utilizes a cache.
  707. This cache is opportunistic and per thread.
  708. Each thread will query the supplemental groups for a user when that
  709. particular thread needs to change credentials and will keep that data
  710. for the lifetime of the thread.
  711. This means that if a user is added to a group it may not be picked up
  712. without the restart of mergerfs.
  713. However, since the high level FUSE API\[aq]s (at least the standard
  714. version) thread pool dynamically grows and shrinks it\[aq]s possible
  715. that over time a thread will be killed and later a new thread with no
  716. cache will start and query the new data.
  717. .PP
  718. The gid cache uses fixed storage to simplify the design and be
  719. compatible with older systems which may not have C++11 compilers.
  720. There is enough storage for 256 users\[aq] supplemental groups.
  721. Each user is allowed upto 32 supplemental groups.
  722. Linux >= 2.6.3 allows upto 65535 groups per user but most other *nixs
  723. allow far less.
  724. NFS allowing only 16.
  725. The system does handle overflow gracefully.
  726. If the user has more than 32 supplemental groups only the first 32 will
  727. be used.
  728. If more than 256 users are using the system when an uncached user is
  729. found it will evict an existing user\[aq]s cache at random.
  730. So long as there aren\[aq]t more than 256 active users this should be
  731. fine.
  732. If either value is too low for your needs you will have to modify
  733. \f[C]gidcache.hpp\f[] to increase the values.
  734. Note that doing so will increase the memory needed by each thread.
  735. .SS mergerfs or libfuse crashing
  736. .PP
  737. If suddenly the mergerfs mount point disappears and
  738. \f[C]Transport\ endpoint\ is\ not\ connected\f[] is returned when
  739. attempting to perform actions within the mount directory \f[B]and\f[]
  740. the version of libfuse (use \f[C]mergerfs\ \-v\f[] to find the version)
  741. is older than \f[C]2.9.4\f[] its likely due to a bug in libfuse.
  742. Affected versions of libfuse can be found in Debian Wheezy, Ubuntu
  743. Precise and others.
  744. .PP
  745. In order to fix this please install newer versions of libfuse.
  746. If using a Debian based distro (Debian,Ubuntu,Mint) you can likely just
  747. install newer versions of
  748. libfuse (https://packages.debian.org/unstable/libfuse2) and
  749. fuse (https://packages.debian.org/unstable/fuse) from the repo of a
  750. newer release.
  751. .SH FAQ
  752. .SS Why use mergerfs over mhddfs?
  753. .PP
  754. mhddfs is no longer maintained and has some known stability and security
  755. issues (see below).
  756. .SS Why use mergerfs over aufs?
  757. .PP
  758. While aufs can offer better peak performance mergerfs offers more
  759. configurability and is generally easier to use.
  760. mergerfs however doesn\[aq]t offer the overlay features which tends to
  761. result in whiteout files being left around the underlying filesystems.
  762. .SS Why use mergerfs over LVM/ZFS/BTRFS/RAID0 drive concatenation /
  763. striping?
  764. .PP
  765. A single drive failure will lead to full pool failure without additional
  766. redundancy.
  767. mergerfs performs a similar behavior without the catastrophic failure
  768. and lack of recovery.
  769. Drives can fail and all other data will continue to be accessable.
  770. .SS It\[aq]s mentioned that there are some security issues with mhddfs.
  771. What are they? How does mergerfs address them?
  772. .PP
  773. mhddfs (https://github.com/trapexit/mhddfs) tries to handle being run as
  774. \f[B]root\f[] by calling
  775. getuid() (https://github.com/trapexit/mhddfs/blob/cae96e6251dd91e2bdc24800b4a18a74044f6672/src/main.c#L319)
  776. and if it returns \f[B]0\f[] then it will
  777. chown (http://linux.die.net/man/1/chown) the file.
  778. Not only is that a race condition but it doesn\[aq]t handle many other
  779. situations.
  780. Rather than attempting to simulate POSIX ACL behaviors the proper
  781. behavior is to use seteuid (http://linux.die.net/man/2/seteuid) and
  782. setegid (http://linux.die.net/man/2/setegid), become the user making the
  783. original call and perform the action as them.
  784. This is how mergerfs (https://github.com/trapexit/mergerfs) handles
  785. things.
  786. .PP
  787. If you are familiar with POSIX standards you\[aq]ll know that this
  788. behavior poses a problem.
  789. \f[B]seteuid\f[] and \f[B]setegid\f[] affect the whole process and
  790. \f[B]libfuse\f[] is multithreaded by default.
  791. We\[aq]d need to lock access to \f[B]seteuid\f[] and \f[B]setegid\f[]
  792. with a mutex so that the several threads aren\[aq]t stepping on one
  793. anofther and files end up with weird permissions and ownership.
  794. This however wouldn\[aq]t scale well.
  795. With lots of calls the contention on that mutex would be extremely high.
  796. Thankfully on Linux and OSX we have a better solution.
  797. .PP
  798. OSX has a non\-portable pthread
  799. extension (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man2/pthread_setugid_np.2.html)
  800. for per\-thread user and group impersonation.
  801. .PP
  802. Linux does not support
  803. pthread_setugid_np (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man2/pthread_setugid_np.2.html)
  804. but user and group IDs are a per\-thread attribute though documentation
  805. on that fact or how to manipulate them is not well distributed.
  806. From the \f[B]4.00\f[] release of the Linux man\-pages project for
  807. setuid (http://man7.org/linux/man-pages/man2/setuid.2.html).
  808. .RS
  809. .PP
  810. At the kernel level, user IDs and group IDs are a per\-thread attribute.
  811. However, POSIX requires that all threads in a process share the same
  812. credentials.
  813. The NPTL threading implementation handles the POSIX requirements by
  814. providing wrapper functions for the various system calls that change
  815. process UIDs and GIDs.
  816. These wrapper functions (including the one for setuid()) employ a
  817. signal\-based technique to ensure that when one thread changes
  818. credentials, all of the other threads in the process also change their
  819. credentials.
  820. For details, see nptl(7).
  821. .RE
  822. .PP
  823. Turns out the setreuid syscalls apply only to the thread.
  824. GLIBC hides this away using RT signals to inform all threads to change
  825. credentials.
  826. Taking after \f[B]Samba\f[] mergerfs uses
  827. \f[B]syscall(SYS_setreuid,...)\f[] to set the callers credentials for
  828. that thread only.
  829. Jumping back to \f[B]root\f[] as necessary should escalated privileges
  830. be needed (for instance: to clone paths).
  831. .PP
  832. For non\-Linux systems mergerfs uses a read\-write lock and changes
  833. credentials only when necessary.
  834. If multiple threads are to be user X then only the first one will need
  835. to change the processes credentials.
  836. So long as the other threads need to be user X they will take a readlock
  837. allow multiple threads to share the credentials.
  838. Once a request comes in to run as user Y that thread will attempt a
  839. write lock and change to Y\[aq]s credentials when it can.
  840. If the ability to give writers priority is supported then that flag will
  841. be used so threads trying to change credentials don\[aq]t starve.
  842. This isn\[aq]t the best solution but should work reasonably well.
  843. As new platforms are supported if they offer per thread credentials
  844. those APIs will be adopted.
  845. .SH SUPPORT
  846. .SS Issues with the software
  847. .IP \[bu] 2
  848. github.com: https://github.com/trapexit/mergerfs/issues
  849. .IP \[bu] 2
  850. email: trapexit\@spawn.link
  851. .SS Support development
  852. .IP \[bu] 2
  853. Gratipay: https://gratipay.com/~trapexit
  854. .IP \[bu] 2
  855. BitCoin: 12CdMhEPQVmjz3SSynkAEuD5q9JmhTDCZA
  856. .SH AUTHORS
  857. Antonio SJ Musumeci <trapexit@spawn.link>.