You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1055 lines
38 KiB

9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
8 years ago
9 years ago
9 years ago
9 years ago
  1. .\"t
  2. .TH "mergerfs" "1" "2016\-10\-13" "mergerfs user manual" ""
  3. .SH NAME
  4. .PP
  5. mergerfs \- another (FUSE based) union filesystem
  6. .SH SYNOPSIS
  7. .PP
  8. mergerfs \-o<options> <srcmounts> <mountpoint>
  9. .SH DESCRIPTION
  10. .PP
  11. \f[B]mergerfs\f[] is a union filesystem geared towards simplifying
  12. storage and management of files across numerous commodity storage
  13. devices.
  14. It is similar to \f[B]mhddfs\f[], \f[B]unionfs\f[], and \f[B]aufs\f[].
  15. .SH FEATURES
  16. .IP \[bu] 2
  17. Runs in userspace (FUSE)
  18. .IP \[bu] 2
  19. Configurable behaviors
  20. .IP \[bu] 2
  21. Support for extended attributes (xattrs)
  22. .IP \[bu] 2
  23. Support for file attributes (chattr)
  24. .IP \[bu] 2
  25. Runtime configurable (via xattrs)
  26. .IP \[bu] 2
  27. Safe to run as root
  28. .IP \[bu] 2
  29. Opportunistic credential caching
  30. .IP \[bu] 2
  31. Works with heterogeneous filesystem types
  32. .IP \[bu] 2
  33. Handling of writes to full drives (transparently move file to drive with
  34. capacity)
  35. .IP \[bu] 2
  36. Handles pool of readonly and read/write drives
  37. .SH OPTIONS
  38. .SS options
  39. .IP \[bu] 2
  40. \f[B]defaults\f[]: a shortcut for FUSE\[aq]s \f[B]atomic_o_trunc\f[],
  41. \f[B]auto_cache\f[], \f[B]big_writes\f[], \f[B]default_permissions\f[],
  42. \f[B]splice_move\f[], \f[B]splice_read\f[], and \f[B]splice_write\f[].
  43. These options seem to provide the best performance.
  44. .IP \[bu] 2
  45. \f[B]direct_io\f[]: causes FUSE to bypass an addition caching step which
  46. can increase write speeds at the detriment of read speed.
  47. .IP \[bu] 2
  48. \f[B]minfreespace\f[]: the minimum space value used for creation
  49. policies.
  50. Understands \[aq]K\[aq], \[aq]M\[aq], and \[aq]G\[aq] to represent
  51. kilobyte, megabyte, and gigabyte respectively.
  52. (default: 4G)
  53. .IP \[bu] 2
  54. \f[B]moveonenospc\f[]: when enabled (set to \f[B]true\f[]) if a
  55. \f[B]write\f[] fails with \f[B]ENOSPC\f[] or \f[B]EDQUOT\f[] a scan of
  56. all drives will be done looking for the drive with most free space which
  57. is at least the size of the file plus the amount which failed to write.
  58. An attempt to move the file to that drive will occur (keeping all
  59. metadata possible) and if successful the original is unlinked and the
  60. write retried.
  61. (default: false)
  62. .IP \[bu] 2
  63. \f[B]func.<func>=<policy>\f[]: sets the specific FUSE function\[aq]s
  64. policy.
  65. See below for the list of value types.
  66. Example: \f[B]func.getattr=newest\f[]
  67. .IP \[bu] 2
  68. \f[B]category.<category>=<policy>\f[]: Sets policy of all FUSE functions
  69. in the provided category.
  70. Example: \f[B]category.create=mfs\f[]
  71. .IP \[bu] 2
  72. \f[B]fsname\f[]: sets the name of the filesystem as seen in
  73. \f[B]mount\f[], \f[B]df\f[], etc.
  74. Defaults to a list of the source paths concatenated together with the
  75. longest common prefix removed.
  76. .PP
  77. \f[B]NOTE:\f[] Options are evaluated in the order listed so if the
  78. options are \f[B]func.rmdir=rand,category.action=ff\f[] the
  79. \f[B]action\f[] category setting will override the \f[B]rmdir\f[]
  80. setting.
  81. .SS srcmounts
  82. .PP
  83. The srcmounts (source mounts) argument is a colon (\[aq]:\[aq])
  84. delimited list of paths to be included in the pool.
  85. It does not matter if the paths are on the same or different drives nor
  86. does it matter the filesystem.
  87. Used and available space will not be duplicated for paths on the same
  88. device and any features which aren\[aq]t supported by the underlying
  89. filesystem (such as file attributes or extended attributes) will return
  90. the appropriate errors.
  91. .PP
  92. To make it easier to include multiple source mounts mergerfs supports
  93. globbing (http://linux.die.net/man/7/glob).
  94. \f[B]The globbing tokens MUST be escaped when using via the shell else
  95. the shell itself will expand it.\f[]
  96. .IP
  97. .nf
  98. \f[C]
  99. $\ mergerfs\ \-o\ defaults,allow_other\ /mnt/disk\\*:/mnt/cdrom\ /media/drives
  100. \f[]
  101. .fi
  102. .PP
  103. The above line will use all mount points in /mnt prefixed with
  104. \f[B]disk\f[] and the \f[B]cdrom\f[].
  105. .PP
  106. To have the pool mounted at boot or otherwise accessable from related
  107. tools use \f[B]/etc/fstab\f[].
  108. .IP
  109. .nf
  110. \f[C]
  111. #\ <file\ system>\ \ \ \ \ \ \ \ <mount\ point>\ \ <type>\ \ \ \ \ \ \ \ \ <options>\ \ \ \ \ \ \ \ \ \ \ \ \ <dump>\ \ <pass>
  112. /mnt/disk*:/mnt/cdrom\ \ /media/drives\ \ fuse.mergerfs\ \ defaults,allow_other\ \ 0\ \ \ \ \ \ \ 0
  113. \f[]
  114. .fi
  115. .PP
  116. \f[B]NOTE:\f[] the globbing is done at mount or xattr update time (see
  117. below).
  118. If a new directory is added matching the glob after the fact it will not
  119. be automatically included.
  120. .PP
  121. \f[B]NOTE:\f[] for mounting via \f[B]fstab\f[] to work you must have
  122. \f[B]mount.fuse\f[] installed.
  123. For Ubuntu/Debian it is included in the \f[B]fuse\f[] package.
  124. .SH FUNCTIONS / POLICIES / CATEGORIES
  125. .PP
  126. The POSIX filesystem API has a number of functions.
  127. \f[B]creat\f[], \f[B]stat\f[], \f[B]chown\f[], etc.
  128. In mergerfs these functions are grouped into 3 categories:
  129. \f[B]action\f[], \f[B]create\f[], and \f[B]search\f[].
  130. Functions and categories can be assigned a policy which dictates how
  131. \f[B]mergerfs\f[] behaves.
  132. Any policy can be assigned to a function or category though some are not
  133. very practical.
  134. For instance: \f[B]rand\f[] (random) may be useful for file creation
  135. (create) but could lead to very odd behavior if used for \f[C]chmod\f[]
  136. (though only if there were more than one copy of the file).
  137. .PP
  138. Policies, when called to create, will ignore drives which are readonly
  139. or have less than \f[B]minfreespace\f[].
  140. This allows for read/write and readonly drives to be mixed together and
  141. keep drives which may remount as readonly on error from further
  142. affecting the pool.
  143. .SS Function / Category classifications
  144. .PP
  145. .TS
  146. tab(@);
  147. l l.
  148. T{
  149. Category
  150. T}@T{
  151. FUSE Functions
  152. T}
  153. _
  154. T{
  155. action
  156. T}@T{
  157. chmod, chown, link, removexattr, rename, rmdir, setxattr, truncate,
  158. unlink, utimens
  159. T}
  160. T{
  161. create
  162. T}@T{
  163. create, mkdir, mknod, symlink
  164. T}
  165. T{
  166. search
  167. T}@T{
  168. access, getattr, getxattr, ioctl, listxattr, open, readlink
  169. T}
  170. T{
  171. N/A
  172. T}@T{
  173. fallocate, fgetattr, fsync, ftruncate, ioctl, read, readdir, release,
  174. statfs, write
  175. T}
  176. .TE
  177. .PP
  178. Due to FUSE limitations \f[B]ioctl\f[] behaves differently if its acting
  179. on a directory.
  180. It\[aq]ll use the \f[B]getattr\f[] policy to find and open the directory
  181. before issuing the \f[B]ioctl\f[].
  182. In other cases where something may be searched (to confirm a directory
  183. exists across all source mounts) \f[B]getattr\f[] will also be used.
  184. .SS Policy descriptions
  185. .PP
  186. .TS
  187. tab(@);
  188. l l.
  189. T{
  190. Policy
  191. T}@T{
  192. Description
  193. T}
  194. _
  195. T{
  196. all
  197. T}@T{
  198. Search category: acts like \f[B]ff\f[].
  199. Action category: apply to all found.
  200. Create category: for \f[B]mkdir\f[], \f[B]mknod\f[], and
  201. \f[B]symlink\f[] it will apply to all found.
  202. \f[B]create\f[] works like \f[B]ff\f[].
  203. It will exclude readonly drives and those with free space less than
  204. \f[B]minfreespace\f[].
  205. T}
  206. T{
  207. epall (existing path, all)
  208. T}@T{
  209. Search category: acts like \f[B]epff\f[].
  210. Action category: apply to all found.
  211. Create category: for \f[B]mkdir\f[], \f[B]mknod\f[], and
  212. \f[B]symlink\f[] it will apply to all existing paths found.
  213. \f[B]create\f[] works like \f[B]epff\f[].
  214. It will exclude readonly drives and those with free space less than
  215. \f[B]minfreespace\f[].
  216. T}
  217. T{
  218. epff
  219. T}@T{
  220. Given the order of the drives, as defined at mount time or when
  221. configured via the xattr interface, act on the first one found where the
  222. path already exists.
  223. For \f[B]create\f[] cateogry it will exclude readonly drives and those
  224. with free space less than \f[B]minfreespace\f[] (unless there is no
  225. other option).
  226. Falls back to \f[B]ff\f[].
  227. T}
  228. T{
  229. eplfs (existing path, least free space)
  230. T}@T{
  231. If the path exists on multiple drives use the one with the least free
  232. space.
  233. For \f[B]create\f[] category it will exclude readonly drives and those
  234. with free space less than \f[B]minfreespace\f[].
  235. Falls back to \f[B]lfs\f[].
  236. T}
  237. T{
  238. eplus (existing path, least used space)
  239. T}@T{
  240. If the path exists on multiple drives use the one with the least used
  241. space.
  242. For \f[B]create\f[] category it will exclude readonly drives and those
  243. with free space less than \f[B]minfreespace\f[].
  244. Falls back to \f[B]lus\f[].
  245. T}
  246. T{
  247. epmfs (existing path, most free space)
  248. T}@T{
  249. If the path exists on multiple drives use the one with the most free
  250. space.
  251. For \f[B]create\f[] category it will exclude readonly drives and those
  252. with free space less than \f[B]minfreespace\f[].
  253. Falls back to \f[B]mfs\f[].
  254. T}
  255. T{
  256. eprand (existing path, random)
  257. T}@T{
  258. Calls \f[B]epall\f[] and then randomizes.
  259. T}
  260. T{
  261. erofs
  262. T}@T{
  263. Exclusively return \f[B]\-1\f[] with \f[B]errno\f[] set to
  264. \f[B]EROFS\f[].
  265. By setting \f[B]create\f[] functions to this you can in effect turn the
  266. filesystem readonly.
  267. T}
  268. T{
  269. ff (first found)
  270. T}@T{
  271. Given the order of the drives, as defined at mount time or when
  272. configured via xattr interface, act on the first one found.
  273. For \f[B]create\f[] category it will exclude readonly drives and those
  274. with free space less than \f[B]minfreespace\f[] (unless there is no
  275. other option).
  276. T}
  277. T{
  278. lfs (least free space)
  279. T}@T{
  280. Pick the drive with the least available free space.
  281. For \f[B]create\f[] category it will exclude readonly drives and those
  282. with free space less than \f[B]minfreespace\f[].
  283. Falls back to \f[B]mfs\f[].
  284. T}
  285. T{
  286. lus (least used space)
  287. T}@T{
  288. Pick the drive with the least used space.
  289. For \f[B]create\f[] category it will exclude readonly drives and those
  290. with free space less than \f[B]minfreespace\f[].
  291. Falls back to \f[B]mfs\f[].
  292. T}
  293. T{
  294. mfs (most free space)
  295. T}@T{
  296. Pick the drive with the most available free space.
  297. For \f[B]create\f[] category it will exclude readonly drives and those
  298. with free space less than \f[B]minfreespace\f[].
  299. Falls back to \f[B]ff\f[].
  300. T}
  301. T{
  302. newest (newest file)
  303. T}@T{
  304. Pick the file / directory with the largest mtime.
  305. For \f[B]create\f[] category it will exclude readonly drives and those
  306. with free space less than \f[B]minfreespace\f[] (unless there is no
  307. other option).
  308. T}
  309. T{
  310. rand (random)
  311. T}@T{
  312. Calls \f[B]all\f[] and then randomizes.
  313. T}
  314. .TE
  315. .PP
  316. \f[B]epff\f[], \f[B]eplfs\f[], \f[B]eplus\f[], and \f[B]epmf\f[] are
  317. path preserving policies.
  318. As the descriptions above explain they will only consider drives where
  319. the path being accessed exists.
  320. Non\-path preserving policies will clone paths as necessary.
  321. .SS Defaults
  322. .PP
  323. .TS
  324. tab(@);
  325. l l.
  326. T{
  327. Category
  328. T}@T{
  329. Policy
  330. T}
  331. _
  332. T{
  333. action
  334. T}@T{
  335. all
  336. T}
  337. T{
  338. create
  339. T}@T{
  340. epmfs
  341. T}
  342. T{
  343. search
  344. T}@T{
  345. ff
  346. T}
  347. .TE
  348. .SS rename & link
  349. .PP
  350. rename (http://man7.org/linux/man-pages/man2/rename.2.html) is a tricky
  351. function in a merged system.
  352. Normally if a rename can\[aq]t be done atomically due to the source and
  353. destination paths existing on different mount points it will return
  354. \f[B]\-1\f[] with \f[B]errno = EXDEV\f[].
  355. The atomic rename is most critical for replacing files in place
  356. atomically (such as securing writing to a temp file and then replacing a
  357. target).
  358. The problem is that by merging multiple paths you can have N instances
  359. of the source and destinations on different drives.
  360. This can lead to several undesirable situtations with or without errors
  361. and it\[aq]s not entirely obvious what to do when an error occurs.
  362. .PP
  363. Originally mergerfs would return EXDEV whenever a rename was requested
  364. which was cross directory in any way.
  365. This made the code simple and was technically complient with POSIX
  366. requirements.
  367. However, many applications fail to handle EXDEV at all and treat it as a
  368. normal error or they only partially support EXDEV (don\[aq]t respond the
  369. same as \f[C]mv\f[] would).
  370. Such apps include: gvfsd\-fuse v1.20.3 and prior, Finder / CIFS/SMB
  371. client in Apple OSX 10.9+, NZBGet, Samba\[aq]s recycling bin feature.
  372. .IP \[bu] 2
  373. If using a \f[B]create\f[] policy which tries to preserve directory
  374. paths (epff,eplfs,eplus,epmfs)
  375. .IP \[bu] 2
  376. Using the \f[B]rename\f[] policy get the list of files to rename
  377. .IP \[bu] 2
  378. For each file attempt rename:
  379. .RS 2
  380. .IP \[bu] 2
  381. If failure with ENOENT run \f[B]create\f[] policy
  382. .IP \[bu] 2
  383. If create policy returns the same drive as currently evaluating then
  384. clone the path
  385. .IP \[bu] 2
  386. Re\-attempt rename
  387. .RE
  388. .IP \[bu] 2
  389. If \f[B]any\f[] of the renames succeed the higher level rename is
  390. considered a success
  391. .IP \[bu] 2
  392. If \f[B]no\f[] renames succeed the first error encountered will be
  393. returned
  394. .IP \[bu] 2
  395. On success:
  396. .RS 2
  397. .IP \[bu] 2
  398. Remove the target from all drives with no source file
  399. .IP \[bu] 2
  400. Remove the source from all drives which failed to rename
  401. .RE
  402. .IP \[bu] 2
  403. If using a \f[B]create\f[] policy which does \f[B]not\f[] try to
  404. preserve directory paths
  405. .IP \[bu] 2
  406. Using the \f[B]rename\f[] policy get the list of files to rename
  407. .IP \[bu] 2
  408. Using the \f[B]getattr\f[] policy get the target path
  409. .IP \[bu] 2
  410. For each file attempt rename:
  411. .RS 2
  412. .IP \[bu] 2
  413. If the source drive != target drive:
  414. .IP \[bu] 2
  415. Clone target path from target drive to source drive
  416. .IP \[bu] 2
  417. Rename
  418. .RE
  419. .IP \[bu] 2
  420. If \f[B]any\f[] of the renames succeed the higher level rename is
  421. considered a success
  422. .IP \[bu] 2
  423. If \f[B]no\f[] renames succeed the first error encountered will be
  424. returned
  425. .IP \[bu] 2
  426. On success:
  427. .RS 2
  428. .IP \[bu] 2
  429. Remove the target from all drives with no source file
  430. .IP \[bu] 2
  431. Remove the source from all drives which failed to rename
  432. .RE
  433. .PP
  434. The the removals are subject to normal entitlement checks.
  435. .PP
  436. The above behavior will help minimize the likelihood of EXDEV being
  437. returned but it will still be possible.
  438. To remove the possibility all together mergerfs would need to perform
  439. the as \f[B]mv\f[] does when it receives EXDEV normally.
  440. .PP
  441. \f[B]link\f[] uses the same basic strategy.
  442. .SS readdir
  443. .PP
  444. readdir (http://linux.die.net/man/3/readdir) is different from all other
  445. filesystem functions.
  446. While it could have it\[aq]s own set of policies to tweak its behavior
  447. at this time it provides a simple union of files and directories found.
  448. Remember that any action or information queried about these files and
  449. directories come from the respective function.
  450. For instance: an \f[B]ls\f[] is a \f[B]readdir\f[] and for each
  451. file/directory returned \f[B]getattr\f[] is called.
  452. Meaning the policy of \f[B]getattr\f[] is responsible for choosing the
  453. file/directory which is the source of the metadata you see in an
  454. \f[B]ls\f[].
  455. .SS statvfs
  456. .PP
  457. statvfs (http://linux.die.net/man/2/statvfs) normalizes the source
  458. drives based on the fragment size and sums the number of adjusted blocks
  459. and inodes.
  460. This means you will see the combined space of all sources.
  461. Total, used, and free.
  462. The sources however are dedupped based on the drive so multiple sources
  463. on the same drive will not result in double counting it\[aq]s space.
  464. .SH BUILDING
  465. .PP
  466. \f[B]NOTE:\f[] Prebuilt packages can be found at:
  467. https://github.com/trapexit/mergerfs/releases
  468. .PP
  469. First get the code from github (http://github.com/trapexit/mergerfs).
  470. .IP
  471. .nf
  472. \f[C]
  473. $\ git\ clone\ https://github.com/trapexit/mergerfs.git
  474. $\ #\ or
  475. $\ wget\ https://github.com/trapexit/mergerfs/releases/download/<ver>/mergerfs\-<ver>.tar.gz
  476. \f[]
  477. .fi
  478. .SS Debian / Ubuntu
  479. .IP
  480. .nf
  481. \f[C]
  482. $\ sudo\ apt\-get\ install\ g++\ pkg\-config\ git\ git\-buildpackage\ pandoc\ debhelper\ libfuse\-dev\ libattr1\-dev\ python
  483. $\ cd\ mergerfs
  484. $\ make\ deb
  485. $\ sudo\ dpkg\ \-i\ ../mergerfs_version_arch.deb
  486. \f[]
  487. .fi
  488. .SS Fedora
  489. .IP
  490. .nf
  491. \f[C]
  492. $\ su\ \-
  493. #\ dnf\ install\ rpm\-build\ fuse\-devel\ libattr\-devel\ pandoc\ gcc\-c++\ git\ make\ which\ python
  494. #\ cd\ mergerfs
  495. #\ make\ rpm
  496. #\ rpm\ \-i\ rpmbuild/RPMS/<arch>/mergerfs\-<verion>.<arch>.rpm
  497. \f[]
  498. .fi
  499. .SS Generically
  500. .PP
  501. Have git, python, pkg\-config, pandoc, libfuse, libattr1 installed.
  502. .IP
  503. .nf
  504. \f[C]
  505. $\ cd\ mergerfs
  506. $\ make
  507. $\ make\ man
  508. $\ sudo\ make\ install
  509. \f[]
  510. .fi
  511. .SH RUNTIME
  512. .SS \&.mergerfs pseudo file
  513. .IP
  514. .nf
  515. \f[C]
  516. <mountpoint>/.mergerfs
  517. \f[]
  518. .fi
  519. .PP
  520. There is a pseudo file available at the mount point which allows for the
  521. runtime modification of certain \f[B]mergerfs\f[] options.
  522. The file will not show up in \f[B]readdir\f[] but can be
  523. \f[B]stat\f[]\[aq]ed and manipulated via
  524. {list,get,set}xattrs (http://linux.die.net/man/2/listxattr) calls.
  525. .PP
  526. Even if xattrs are disabled for mergerfs the
  527. {list,get,set}xattrs (http://linux.die.net/man/2/listxattr) calls
  528. against this pseudo file will still work.
  529. .PP
  530. Any changes made at runtime are \f[B]not\f[] persisted.
  531. If you wish for values to persist they must be included as options
  532. wherever you configure the mounting of mergerfs (fstab).
  533. .SS Keys
  534. .PP
  535. Use \f[C]xattr\ \-l\ /mount/point/.mergerfs\f[] to see all supported
  536. keys.
  537. Some are informational and therefore readonly.
  538. .SS user.mergerfs.srcmounts
  539. .PP
  540. Used to query or modify the list of source mounts.
  541. When modifying there are several shortcuts to easy manipulation of the
  542. list.
  543. .PP
  544. .TS
  545. tab(@);
  546. l l.
  547. T{
  548. Value
  549. T}@T{
  550. Description
  551. T}
  552. _
  553. T{
  554. [list]
  555. T}@T{
  556. set
  557. T}
  558. T{
  559. +<[list]
  560. T}@T{
  561. prepend
  562. T}
  563. T{
  564. +>[list]
  565. T}@T{
  566. append
  567. T}
  568. T{
  569. \-[list]
  570. T}@T{
  571. remove all values provided
  572. T}
  573. T{
  574. \-<
  575. T}@T{
  576. remove first in list
  577. T}
  578. T{
  579. \->
  580. T}@T{
  581. remove last in list
  582. T}
  583. .TE
  584. .SS minfreespace
  585. .PP
  586. Input: interger with an optional multiplier suffix.
  587. \f[B]K\f[], \f[B]M\f[], or \f[B]G\f[].
  588. .PP
  589. Output: value in bytes
  590. .SS moveonenospc
  591. .PP
  592. Input: \f[B]true\f[] and \f[B]false\f[]
  593. .PP
  594. Ouput: \f[B]true\f[] or \f[B]false\f[]
  595. .SS categories / funcs
  596. .PP
  597. Input: short policy string as described elsewhere in this document
  598. .PP
  599. Output: the policy string except for categories where its funcs have
  600. multiple types.
  601. In that case it will be a comma separated list
  602. .SS Example
  603. .IP
  604. .nf
  605. \f[C]
  606. [trapexit:/tmp/mount]\ $\ xattr\ \-l\ .mergerfs
  607. user.mergerfs.srcmounts:\ /tmp/a:/tmp/b
  608. user.mergerfs.minfreespace:\ 4294967295
  609. user.mergerfs.moveonenospc:\ false
  610. \&...
  611. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.category.search\ .mergerfs
  612. ff
  613. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.category.search\ newest\ .mergerfs
  614. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.category.search\ .mergerfs
  615. newest
  616. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.srcmounts\ +/tmp/c\ .mergerfs
  617. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.srcmounts\ .mergerfs
  618. /tmp/a:/tmp/b:/tmp/c
  619. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.srcmounts\ =/tmp/c\ .mergerfs
  620. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.srcmounts\ .mergerfs
  621. /tmp/c
  622. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.srcmounts\ \[aq]+</tmp/a:/tmp/b\[aq]\ .mergerfs
  623. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.srcmounts\ .mergerfs
  624. /tmp/a:/tmp/b:/tmp/c
  625. \f[]
  626. .fi
  627. .SS file / directory xattrs
  628. .PP
  629. While they won\[aq]t show up when using
  630. listxattr (http://linux.die.net/man/2/listxattr) \f[B]mergerfs\f[]
  631. offers a number of special xattrs to query information about the files
  632. served.
  633. To access the values you will need to issue a
  634. getxattr (http://linux.die.net/man/2/getxattr) for one of the following:
  635. .IP \[bu] 2
  636. \f[B]user.mergerfs.basepath:\f[] the base mount point for the file given
  637. the current getattr policy
  638. .IP \[bu] 2
  639. \f[B]user.mergerfs.relpath:\f[] the relative path of the file from the
  640. perspective of the mount point
  641. .IP \[bu] 2
  642. \f[B]user.mergerfs.fullpath:\f[] the full path of the original file
  643. given the getattr policy
  644. .IP \[bu] 2
  645. \f[B]user.mergerfs.allpaths:\f[] a NUL (\[aq]\[aq]) separated list of
  646. full paths to all files found
  647. .IP
  648. .nf
  649. \f[C]
  650. [trapexit:/tmp/mount]\ $\ ls
  651. A\ B\ C
  652. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.fullpath\ A
  653. /mnt/a/full/path/to/A
  654. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.basepath\ A
  655. /mnt/a
  656. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.relpath\ A
  657. /full/path/to/A
  658. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.allpaths\ A\ |\ tr\ \[aq]\\0\[aq]\ \[aq]\\n\[aq]
  659. /mnt/a/full/path/to/A
  660. /mnt/b/full/path/to/A
  661. \f[]
  662. .fi
  663. .SH TOOLING
  664. .IP \[bu] 2
  665. https://github.com/trapexit/mergerfs\-tools
  666. .IP \[bu] 2
  667. mergerfs.ctl: A tool to make it easier to query and configure mergerfs
  668. at runtime
  669. .IP \[bu] 2
  670. mergerfs.fsck: Provides permissions and ownership auditing and the
  671. ability to fix them
  672. .IP \[bu] 2
  673. mergerfs.dedup: Will help identify and optionally remove duplicate files
  674. .IP \[bu] 2
  675. mergerfs.mktrash: Creates FreeDesktop.org Trash specification compatible
  676. directories on a mergerfs mount
  677. .IP \[bu] 2
  678. https://github.com/trapexit/scorch
  679. .IP \[bu] 2
  680. scorch: A tool to help discover silent corruption of files
  681. .SH TIPS / NOTES
  682. .IP \[bu] 2
  683. https://github.com/trapexit/backup\-and\-recovery\-howtos : A set of
  684. guides / howtos on creating a data storage system, backing it up,
  685. maintaining it, and recovering from failure.
  686. .IP \[bu] 2
  687. If you don\[aq]t see some directories / files you expect in a merged
  688. point be sure the user has permission to all the underlying directories.
  689. If \f[C]/drive0/a\f[] has is owned by \f[C]root:root\f[] with ACLs set
  690. to \f[C]0700\f[] and \f[C]/drive1/a\f[] is \f[C]root:root\f[] and
  691. \f[C]0755\f[] you\[aq]ll see only \f[C]/drive1/a\f[].
  692. Use \f[C]mergerfs.fsck\f[] to audit the drive for out of sync
  693. permissions.
  694. .IP \[bu] 2
  695. Do \f[I]not\f[] use \f[C]direct_io\f[] if you expect applications (such
  696. as rtorrent) to mmap (http://linux.die.net/man/2/mmap) files.
  697. It is not currently supported in FUSE w/ \f[C]direct_io\f[] enabled.
  698. .IP \[bu] 2
  699. Since POSIX gives you only error or success on calls its difficult to
  700. determine the proper behavior when applying the behavior to multiple
  701. targets.
  702. \f[B]mergerfs\f[] will return an error only if all attempts of an action
  703. fail.
  704. Any success will lead to a success returned.
  705. .IP \[bu] 2
  706. The recommended options are \f[B]defaults,allow_other\f[].
  707. The \f[B]allow_other\f[] is to allow users who are not the one which
  708. executed mergerfs access to the mountpoint.
  709. \f[B]defaults\f[] is described above and should offer the best
  710. performance.
  711. It\[aq]s possible that if you\[aq]re running on an older platform the
  712. \f[B]splice\f[] features aren\[aq]t available and could error.
  713. In that case simply use the other options manually.
  714. .IP \[bu] 2
  715. If write performance is valued more than read it may be useful to enable
  716. \f[B]direct_io\f[].
  717. Best to benchmark with and without and choose appropriately.
  718. .IP \[bu] 2
  719. Remember: some policies mixed with some functions may result in strange
  720. behaviors.
  721. Not that some of these behaviors and race conditions couldn\[aq]t happen
  722. outside \f[B]mergerfs\f[] but that they are far more likely to occur on
  723. account of attempt to merge together multiple sources of data which
  724. could be out of sync due to the different policies.
  725. .IP \[bu] 2
  726. An example: Kodi (http://kodi.tv) and Plex (http://plex.tv) can use
  727. directory mtime (http://linux.die.net/man/2/stat) to more efficiently
  728. determine whether to scan for new content rather than simply performing
  729. a full scan.
  730. If using the current default \f[B]getattr\f[] policy of \f[B]ff\f[] its
  731. possible \f[B]Kodi\f[] will miss an update on account of it returning
  732. the first directory found\[aq]s \f[B]stat\f[] info and its a later
  733. directory on another mount which had the \f[B]mtime\f[] recently
  734. updated.
  735. To fix this you will want to set \f[B]func.getattr=newest\f[].
  736. Remember though that this is just \f[B]stat\f[].
  737. If the file is later \f[B]open\f[]\[aq]ed or \f[B]unlink\f[]\[aq]ed and
  738. the policy is different for those then a completely different file or
  739. directory could be acted on.
  740. .IP \[bu] 2
  741. Due to previously mentioned issues its generally best to set
  742. \f[B]category\f[] wide policies rather than individual
  743. \f[B]func\f[]\[aq]s.
  744. This will help limit the confusion of tools such as
  745. rsync (http://linux.die.net/man/1/rsync).
  746. .SH KNOWN ISSUES / BUGS
  747. .SS rtorrent fails with ENODEV (No such device)
  748. .PP
  749. Be sure to turn off \f[C]direct_io\f[].
  750. rtorrent and some other applications use
  751. mmap (http://linux.die.net/man/2/mmap) to read and write to files and
  752. offer no failback to traditional methods.
  753. FUSE does not currently support mmap while using \f[C]direct_io\f[].
  754. There will be a performance penalty on writes with \f[C]direct_io\f[]
  755. off but it\[aq]s the only way to get such applications to work.
  756. If the performance loss is too high for other apps you can mount
  757. mergerfs twice.
  758. Once with \f[C]direct_io\f[] enabled and one without it.
  759. .SS mmap performance is really bad
  760. .PP
  761. There is a bug (https://lkml.org/lkml/2016/3/16/260) in caching which
  762. affects overall performance of mmap through FUSE in Linux 4.x kernels.
  763. It is fixed in 4.4.10 and 4.5.4 (https://lkml.org/lkml/2016/5/11/59).
  764. .SS Trashing files occasionally fails
  765. .PP
  766. This is the same issue as with Samba.
  767. \f[C]rename\f[] returns \f[C]EXDEV\f[] (in our case that will really
  768. only happen with path preserving policies like \f[C]epmfs\f[]) and the
  769. software doesn\[aq]t handle the situtation well.
  770. This is unfortunately a common failure of software which moves files
  771. around.
  772. The standard indicates that an implementation \f[C]MAY\f[] choose to
  773. support non\-user home directory trashing of files (which is a
  774. \f[C]MUST\f[]).
  775. The implementation \f[C]MAY\f[] also support "top directory trashes"
  776. which many probably do.
  777. .PP
  778. To create a \f[C]$topdir/.Trash\f[] directory as defined in the standard
  779. use the mergerfs\-tools (https://github.com/trapexit/mergerfs-tools)
  780. tool \f[C]mergerfs.mktrash\f[].
  781. .SS Samba: Moving files / directories fails
  782. .PP
  783. Workaround: Copy the file/directory and then remove the original rather
  784. than move.
  785. .PP
  786. This isn\[aq]t an issue with Samba but some SMB clients.
  787. GVFS\-fuse v1.20.3 and prior (found in Ubuntu 14.04 among others) failed
  788. to handle certain error codes correctly.
  789. Particularly \f[B]STATUS_NOT_SAME_DEVICE\f[] which comes from the
  790. \f[B]EXDEV\f[] which is returned by \f[B]rename\f[] when the call is
  791. crossing mount points.
  792. When a program gets an \f[B]EXDEV\f[] it needs to explicitly take an
  793. alternate action to accomplish it\[aq]s goal.
  794. In the case of \f[B]mv\f[] or similar it tries \f[B]rename\f[] and on
  795. \f[B]EXDEV\f[] falls back to a manual copying of data between the two
  796. locations and unlinking the source.
  797. In these older versions of GVFS\-fuse if it received \f[B]EXDEV\f[] it
  798. would translate that into \f[B]EIO\f[].
  799. This would cause \f[B]mv\f[] or most any application attempting to move
  800. files around on that SMB share to fail with a IO error.
  801. .PP
  802. GVFS\-fuse v1.22.0 (https://bugzilla.gnome.org/show_bug.cgi?id=734568)
  803. and above fixed this issue but a large number of systems use the older
  804. release.
  805. On Ubuntu the version can be checked by issuing
  806. \f[C]apt\-cache\ showpkg\ gvfs\-fuse\f[].
  807. Most distros released in 2015 seem to have the updated release and will
  808. work fine but older systems may not.
  809. Upgrading gvfs\-fuse or the distro in general will address the problem.
  810. .PP
  811. In Apple\[aq]s MacOSX 10.9 they replaced Samba (client and server) with
  812. their own product.
  813. It appears their new client does not handle \f[B]EXDEV\f[] either and
  814. responds similar to older release of gvfs on Linux.
  815. .SS Supplemental user groups
  816. .PP
  817. Due to the overhead of
  818. getgroups/setgroups (http://linux.die.net/man/2/setgroups) mergerfs
  819. utilizes a cache.
  820. This cache is opportunistic and per thread.
  821. Each thread will query the supplemental groups for a user when that
  822. particular thread needs to change credentials and will keep that data
  823. for the lifetime of the thread.
  824. This means that if a user is added to a group it may not be picked up
  825. without the restart of mergerfs.
  826. However, since the high level FUSE API\[aq]s (at least the standard
  827. version) thread pool dynamically grows and shrinks it\[aq]s possible
  828. that over time a thread will be killed and later a new thread with no
  829. cache will start and query the new data.
  830. .PP
  831. The gid cache uses fixed storage to simplify the design and be
  832. compatible with older systems which may not have C++11 compilers.
  833. There is enough storage for 256 users\[aq] supplemental groups.
  834. Each user is allowed upto 32 supplemental groups.
  835. Linux >= 2.6.3 allows upto 65535 groups per user but most other *nixs
  836. allow far less.
  837. NFS allowing only 16.
  838. The system does handle overflow gracefully.
  839. If the user has more than 32 supplemental groups only the first 32 will
  840. be used.
  841. If more than 256 users are using the system when an uncached user is
  842. found it will evict an existing user\[aq]s cache at random.
  843. So long as there aren\[aq]t more than 256 active users this should be
  844. fine.
  845. If either value is too low for your needs you will have to modify
  846. \f[C]gidcache.hpp\f[] to increase the values.
  847. Note that doing so will increase the memory needed by each thread.
  848. .SS mergerfs or libfuse crashing
  849. .PP
  850. If suddenly the mergerfs mount point disappears and
  851. \f[C]Transport\ endpoint\ is\ not\ connected\f[] is returned when
  852. attempting to perform actions within the mount directory \f[B]and\f[]
  853. the version of libfuse (use \f[C]mergerfs\ \-v\f[] to find the version)
  854. is older than \f[C]2.9.4\f[] its likely due to a bug in libfuse.
  855. Affected versions of libfuse can be found in Debian Wheezy, Ubuntu
  856. Precise and others.
  857. .PP
  858. In order to fix this please install newer versions of libfuse.
  859. If using a Debian based distro (Debian,Ubuntu,Mint) you can likely just
  860. install newer versions of
  861. libfuse (https://packages.debian.org/unstable/libfuse2) and
  862. fuse (https://packages.debian.org/unstable/fuse) from the repo of a
  863. newer release.
  864. .SS mergerfs under heavy load and memory preasure leads to kernel panic
  865. .PP
  866. https://lkml.org/lkml/2016/9/14/527
  867. .IP
  868. .nf
  869. \f[C]
  870. [25192.515454]\ kernel\ BUG\ at\ /build/linux\-a2WvEb/linux\-4.4.0/mm/workingset.c:346!
  871. [25192.517521]\ invalid\ opcode:\ 0000\ [#1]\ SMP
  872. [25192.519602]\ Modules\ linked\ in:\ netconsole\ ip6t_REJECT\ nf_reject_ipv6\ ipt_REJECT\ nf_reject_ipv4\ configfs\ binfmt_misc\ veth\ bridge\ stp\ llc\ nf_conntrack_ipv6\ nf_defrag_ipv6\ xt_conntrack\ ip6table_filter\ ip6_tables\ xt_multiport\ iptable_filter\ ipt_MASQUERADE\ nf_nat_masquerade_ipv4\ xt_comment\ xt_nat\ iptable_nat\ nf_conntrack_ipv4\ nf_defrag_ipv4\ nf_nat_ipv4\ nf_nat\ nf_conntrack\ xt_CHECKSUM\ xt_tcpudp\ iptable_mangle\ ip_tables\ x_tables\ intel_rapl\ x86_pkg_temp_thermal\ intel_powerclamp\ eeepc_wmi\ asus_wmi\ coretemp\ sparse_keymap\ kvm_intel\ ppdev\ kvm\ irqbypass\ mei_me\ 8250_fintek\ input_leds\ serio_raw\ parport_pc\ tpm_infineon\ mei\ shpchp\ mac_hid\ parport\ lpc_ich\ autofs4\ drbg\ ansi_cprng\ dm_crypt\ algif_skcipher\ af_alg\ btrfs\ raid456\ async_raid6_recov\ async_memcpy\ async_pq\ async_xor\ async_tx\ xor\ raid6_pq\ libcrc32c\ raid0\ multipath\ linear\ raid10\ raid1\ i915\ crct10dif_pclmul\ crc32_pclmul\ aesni_intel\ i2c_algo_bit\ aes_x86_64\ drm_kms_helper\ lrw\ gf128mul\ glue_helper\ ablk_helper\ syscopyarea\ cryptd\ sysfillrect\ sysimgblt\ fb_sys_fops\ drm\ ahci\ r8169\ libahci\ mii\ wmi\ fjes\ video\ [last\ unloaded:\ netconsole]
  873. [25192.540910]\ CPU:\ 2\ PID:\ 63\ Comm:\ kswapd0\ Not\ tainted\ 4.4.0\-36\-generic\ #55\-Ubuntu
  874. [25192.543411]\ Hardware\ name:\ System\ manufacturer\ System\ Product\ Name/P8H67\-M\ PRO,\ BIOS\ 3904\ 04/27/2013
  875. [25192.545840]\ task:\ ffff88040cae6040\ ti:\ ffff880407488000\ task.ti:\ ffff880407488000
  876. [25192.548277]\ RIP:\ 0010:[<ffffffff811ba501>]\ \ [<ffffffff811ba501>]\ shadow_lru_isolate+0x181/0x190
  877. [25192.550706]\ RSP:\ 0018:ffff88040748bbe0\ \ EFLAGS:\ 00010002
  878. [25192.553127]\ RAX:\ 0000000000001c81\ RBX:\ ffff8802f91ee928\ RCX:\ ffff8802f91eeb38
  879. [25192.555544]\ RDX:\ ffff8802f91ee938\ RSI:\ ffff8802f91ee928\ RDI:\ ffff8804099ba2c0
  880. [25192.557914]\ RBP:\ ffff88040748bc08\ R08:\ 000000000001a7b6\ R09:\ 000000000000003f
  881. [25192.560237]\ R10:\ 000000000001a750\ R11:\ 0000000000000000\ R12:\ ffff8804099ba2c0
  882. [25192.562512]\ R13:\ ffff8803157e9680\ R14:\ ffff8803157e9668\ R15:\ ffff8804099ba2c8
  883. [25192.564724]\ FS:\ \ 0000000000000000(0000)\ GS:ffff88041f280000(0000)\ knlGS:0000000000000000
  884. [25192.566990]\ CS:\ \ 0010\ DS:\ 0000\ ES:\ 0000\ CR0:\ 0000000080050033
  885. [25192.569201]\ CR2:\ 00007ffabb690000\ CR3:\ 0000000001e0a000\ CR4:\ 00000000000406e0
  886. [25192.571419]\ Stack:
  887. [25192.573550]\ \ ffff8804099ba2c0\ ffff88039e4f86f0\ ffff8802f91ee928\ ffff8804099ba2c8
  888. [25192.575695]\ \ ffff88040748bd08\ ffff88040748bc58\ ffffffff811b99bf\ 0000000000000052
  889. [25192.577814]\ \ 0000000000000000\ ffffffff811ba380\ 000000000000008a\ 0000000000000080
  890. [25192.579947]\ Call\ Trace:
  891. [25192.582022]\ \ [<ffffffff811b99bf>]\ __list_lru_walk_one.isra.3+0x8f/0x130
  892. [25192.584137]\ \ [<ffffffff811ba380>]\ ?\ memcg_drain_all_list_lrus+0x190/0x190
  893. [25192.586165]\ \ [<ffffffff811b9a83>]\ list_lru_walk_one+0x23/0x30
  894. [25192.588145]\ \ [<ffffffff811ba544>]\ scan_shadow_nodes+0x34/0x50
  895. [25192.590074]\ \ [<ffffffff811a0e9d>]\ shrink_slab.part.40+0x1ed/0x3d0
  896. [25192.591985]\ \ [<ffffffff811a53da>]\ shrink_zone+0x2ca/0x2e0
  897. [25192.593863]\ \ [<ffffffff811a64ce>]\ kswapd+0x51e/0x990
  898. [25192.595737]\ \ [<ffffffff811a5fb0>]\ ?\ mem_cgroup_shrink_node_zone+0x1c0/0x1c0
  899. [25192.597613]\ \ [<ffffffff810a0808>]\ kthread+0xd8/0xf0
  900. [25192.599495]\ \ [<ffffffff810a0730>]\ ?\ kthread_create_on_node+0x1e0/0x1e0
  901. [25192.601335]\ \ [<ffffffff8182e34f>]\ ret_from_fork+0x3f/0x70
  902. [25192.603193]\ \ [<ffffffff810a0730>]\ ?\ kthread_create_on_node+0x1e0/0x1e0
  903. \f[]
  904. .fi
  905. .PP
  906. There is a bug in the kernel.
  907. A work around appears to be turning off \f[C]splice\f[].
  908. Add \f[C]no_splice_write,no_splice_move,no_splice_read\f[] to
  909. mergerfs\[aq] options.
  910. Should be placed after \f[C]defaults\f[] if it is used since it will
  911. turn them on.
  912. .SH FAQ
  913. .SS Why use mergerfs over mhddfs?
  914. .PP
  915. mhddfs is no longer maintained and has some known stability and security
  916. issues (see below).
  917. MergerFS provides a superset of mhddfs\[aq] features and should offer
  918. the same or maybe better performance.
  919. .SS Why use mergerfs over aufs?
  920. .PP
  921. While aufs can offer better peak performance mergerfs offers more
  922. configurability and is generally easier to use.
  923. mergerfs however doesn\[aq]t offer the same overlay features (which
  924. tends to result in whiteout files being left around the underlying
  925. filesystems.)
  926. .SS Why use mergerfs over LVM/ZFS/BTRFS/RAID0 drive concatenation /
  927. striping?
  928. .PP
  929. With simple JBOD / drive concatenation / stripping / RAID0 a single
  930. drive failure will lead to full pool failure.
  931. mergerfs performs a similar behavior without the catastrophic failure
  932. and general lack of recovery.
  933. Drives can fail and all other data will continue to be accessable.
  934. .PP
  935. When combined with something like SnapRaid (http://www.snapraid.it)
  936. and/or an offsite full backup solution you can have the flexibilty of
  937. JBOD without the single point of failure.
  938. .SS Can drives be written to directly? Outside of mergerfs while pooled?
  939. .PP
  940. Yes.
  941. It will be represented immediately in the pool as the policies would
  942. describe.
  943. .SS Why do I get an "out of space" error even though the system says
  944. there\[aq]s lots of space left?
  945. .PP
  946. Please reread the sections above about policies, path preserving, and
  947. the \f[B]moveonenospc\f[] option.
  948. If the policy is path preserving and a drive is almost full and the
  949. drive the policy would pick then the writing of the file may fill the
  950. drive and receive ENOSPC errors.
  951. That is expected with those settings.
  952. If you don\[aq]t want that: enable \f[B]moveonenospc\f[] and don\[aq]t
  953. use a path preserving policy.
  954. .SS It\[aq]s mentioned that there are some security issues with mhddfs.
  955. What are they? How does mergerfs address them?
  956. .PP
  957. mhddfs (https://github.com/trapexit/mhddfs) tries to handle being run as
  958. \f[B]root\f[] by calling
  959. getuid() (https://github.com/trapexit/mhddfs/blob/cae96e6251dd91e2bdc24800b4a18a74044f6672/src/main.c#L319)
  960. and if it returns \f[B]0\f[] then it will
  961. chown (http://linux.die.net/man/1/chown) the file.
  962. Not only is that a race condition but it doesn\[aq]t handle many other
  963. situations.
  964. Rather than attempting to simulate POSIX ACL behaviors the proper
  965. behavior is to use seteuid (http://linux.die.net/man/2/seteuid) and
  966. setegid (http://linux.die.net/man/2/setegid), become the user making the
  967. original call and perform the action as them.
  968. This is how mergerfs (https://github.com/trapexit/mergerfs) handles
  969. things.
  970. .PP
  971. If you are familiar with POSIX standards you\[aq]ll know that this
  972. behavior poses a problem.
  973. \f[B]seteuid\f[] and \f[B]setegid\f[] affect the whole process and
  974. \f[B]libfuse\f[] is multithreaded by default.
  975. We\[aq]d need to lock access to \f[B]seteuid\f[] and \f[B]setegid\f[]
  976. with a mutex so that the several threads aren\[aq]t stepping on one
  977. anofther and files end up with weird permissions and ownership.
  978. This however wouldn\[aq]t scale well.
  979. With lots of calls the contention on that mutex would be extremely high.
  980. Thankfully on Linux and OSX we have a better solution.
  981. .PP
  982. OSX has a non\-portable pthread
  983. extension (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man2/pthread_setugid_np.2.html)
  984. for per\-thread user and group impersonation.
  985. .PP
  986. Linux does not support
  987. pthread_setugid_np (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man2/pthread_setugid_np.2.html)
  988. but user and group IDs are a per\-thread attribute though documentation
  989. on that fact or how to manipulate them is not well distributed.
  990. From the \f[B]4.00\f[] release of the Linux man\-pages project for
  991. setuid (http://man7.org/linux/man-pages/man2/setuid.2.html).
  992. .RS
  993. .PP
  994. At the kernel level, user IDs and group IDs are a per\-thread attribute.
  995. However, POSIX requires that all threads in a process share the same
  996. credentials.
  997. The NPTL threading implementation handles the POSIX requirements by
  998. providing wrapper functions for the various system calls that change
  999. process UIDs and GIDs.
  1000. These wrapper functions (including the one for setuid()) employ a
  1001. signal\-based technique to ensure that when one thread changes
  1002. credentials, all of the other threads in the process also change their
  1003. credentials.
  1004. For details, see nptl(7).
  1005. .RE
  1006. .PP
  1007. Turns out the setreuid syscalls apply only to the thread.
  1008. GLIBC hides this away using RT signals to inform all threads to change
  1009. credentials.
  1010. Taking after \f[B]Samba\f[] mergerfs uses
  1011. \f[B]syscall(SYS_setreuid,...)\f[] to set the callers credentials for
  1012. that thread only.
  1013. Jumping back to \f[B]root\f[] as necessary should escalated privileges
  1014. be needed (for instance: to clone paths).
  1015. .PP
  1016. For non\-Linux systems mergerfs uses a read\-write lock and changes
  1017. credentials only when necessary.
  1018. If multiple threads are to be user X then only the first one will need
  1019. to change the processes credentials.
  1020. So long as the other threads need to be user X they will take a readlock
  1021. allow multiple threads to share the credentials.
  1022. Once a request comes in to run as user Y that thread will attempt a
  1023. write lock and change to Y\[aq]s credentials when it can.
  1024. If the ability to give writers priority is supported then that flag will
  1025. be used so threads trying to change credentials don\[aq]t starve.
  1026. This isn\[aq]t the best solution but should work reasonably well.
  1027. As new platforms are supported if they offer per thread credentials
  1028. those APIs will be adopted.
  1029. .SH SUPPORT
  1030. .SS Issues with the software
  1031. .IP \[bu] 2
  1032. github.com: https://github.com/trapexit/mergerfs/issues
  1033. .IP \[bu] 2
  1034. email: trapexit\@spawn.link
  1035. .SS Support development
  1036. .IP \[bu] 2
  1037. Gratipay: https://gratipay.com/~trapexit
  1038. .IP \[bu] 2
  1039. BitCoin: 12CdMhEPQVmjz3SSynkAEuD5q9JmhTDCZA
  1040. .SH LINKS
  1041. .IP \[bu] 2
  1042. http://github.com/trapexit/mergerfs
  1043. .IP \[bu] 2
  1044. http://github.com/trapexit/mergerfs\-tools
  1045. .IP \[bu] 2
  1046. http://github.com/trapexit/scorch
  1047. .IP \[bu] 2
  1048. http://github.com/trapexit/backup\-and\-recovery\-howtos
  1049. .SH AUTHORS
  1050. Antonio SJ Musumeci <trapexit@spawn.link>.