Mirror
/
mergerfs
mirror of https://github.com/trapexit/mergerfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
268 Commits
28 Branches
95 Tags
35 MiB
Tree: f779f82ed6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f779f82ed6'
${ noResults }
mergerfs/man/mergerfs.1

828 lines
26 KiB
Raw Normal View History

if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update man page
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update man page
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update the precompiled man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
update man page
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
add support section to readme and manpage
9 years ago
if pandoc doesn't exist copy premade version
9 years ago
  1. .\"t
  2. .TH "mergerfs" "1" "2016\-01\-21" "mergerfs user manual" ""
  3. .SH NAME
  4. .PP
  5. mergerfs \- another (FUSE based) union filesystem
  6. .SH SYNOPSIS
  7. .PP
  8. mergerfs \-o<options> <srcmounts> <mountpoint>
  9. .SH DESCRIPTION
  10. .PP
  11. \f[B]mergerfs\f[] is a union filesystem geared towards simplifing
  12. storage and management of files across numerous commodity storage
  13. devices.
  14. It is similar to \f[B]mhddfs\f[], \f[B]unionfs\f[], and \f[B]aufs\f[].
  15. .SH FEATURES
  16. .IP \[bu] 2
  17. Runs in userspace (FUSE)
  18. .IP \[bu] 2
  19. Configurable behaviors
  20. .IP \[bu] 2
  21. Support for extended attributes (xattrs)
  22. .IP \[bu] 2
  23. Support for file attributes (chattr)
  24. .IP \[bu] 2
  25. Runtime configurable (via xattrs)
  26. .IP \[bu] 2
  27. Safe to run as root
  28. .IP \[bu] 2
  29. Opportunistic credential caching
  30. .IP \[bu] 2
  31. Works with heterogeneous filesystem types
  32. .IP \[bu] 2
  33. Handling of writes to full drives
  34. .SH OPTIONS
  35. .SS options
  36. .IP \[bu] 2
  37. \f[B]defaults\f[]: a shortcut for FUSE\[aq]s \f[B]atomic_o_trunc\f[],
  38. \f[B]auto_cache\f[], \f[B]big_writes\f[], \f[B]default_permissions\f[],
  39. \f[B]splice_move\f[], \f[B]splice_read\f[], and \f[B]splice_write\f[].
  40. These options seem to provide the best performance.
  41. .IP \[bu] 2
  42. \f[B]direct_io\f[]: causes FUSE to bypass an addition caching step which
  43. can increase write speeds at the detriment of read speed.
  44. .IP \[bu] 2
  45. \f[B]minfreespace\f[]: the minimum space value used for the
  46. \f[B]lfs\f[], \f[B]fwfs\f[], and \f[B]epmfs\f[] policies.
  47. Understands \[aq]K\[aq], \[aq]M\[aq], and \[aq]G\[aq] to represent
  48. kilobyte, megabyte, and gigabyte respectively.
  49. (default: 4G)
  50. .IP \[bu] 2
  51. \f[B]moveonenospc\f[]: when enabled (set to \f[B]true\f[]) if a
  52. \f[B]write\f[] fails with \f[B]ENOSPC\f[] a scan of all drives will be
  53. done looking for the drive with most free space which is at least the
  54. size of the file plus the amount which failed to write.
  55. An attempt to move the file to that drive will occur (keeping all
  56. metadata possible) and if successful the original is unlinked and the
  57. write retried.
  58. (default: false)
  59. .IP \[bu] 2
  60. \f[B]func.<func>=<policy>\f[]: sets the specific FUSE function\[aq]s
  61. policy.
  62. See below for the list of value types.
  63. Example: \f[B]func.getattr=newest\f[]
  64. .IP \[bu] 2
  65. \f[B]category.<category>=<policy>\f[]: Sets policy of all FUSE functions
  66. in the provided category.
  67. Example: \f[B]category.create=mfs\f[]
  68. .PP
  69. \f[B]NOTE:\f[] Options are evaluated in the order listed so if the
  70. options are \f[B]func.rmdir=rand,category.action=ff\f[] the
  71. \f[B]action\f[] category setting will override the \f[B]rmdir\f[]
  72. setting.
  73. .SS srcmounts
  74. .PP
  75. The source mounts argument is a colon (\[aq]:\[aq]) delimited list of
  76. paths.
  77. To make it simpler to include multiple source mounts without having to
  78. modify your fstab (http://linux.die.net/man/5/fstab) we also support
  79. globbing (http://linux.die.net/man/7/glob).
  80. \f[B]The globbing tokens MUST be escaped when using via the shell else
  81. the shell itself will probably expand it.\f[]
  82. .IP
  83. .nf
  84. \f[C]
  85. $\ mergerfs\ /mnt/disk\\*:/mnt/cdrom\ /media/drives
  86. \f[]
  87. .fi
  88. .PP
  89. The above line will use all mount points in /mnt prefixed with
  90. \f[I]disk\f[] and the directory \f[I]cdrom\f[].
  91. .PP
  92. In /etc/fstab it\[aq]d look like the following:
  93. .IP
  94. .nf
  95. \f[C]
  96. #\ <file\ system>\ \ \ \ \ \ \ \ <mount\ point>\ \ <type>\ \ \ \ \ \ \ \ \ <options>\ \ \ \ \ \ \ \ \ \ \ \ \ <dump>\ \ <pass>
  97. /mnt/disk*:/mnt/cdrom\ \ /media/drives\ \ fuse.mergerfs\ \ defaults,allow_other\ \ 0\ \ \ \ \ \ \ 0
  98. \f[]
  99. .fi
  100. .PP
  101. \f[B]NOTE:\f[] the globbing is done at mount or xattr update time.
  102. If a new directory is added matching the glob after the fact it will not
  103. be included.
  104. .SH POLICIES
  105. .PP
  106. Filesystem calls are broken up into 3 categories: \f[B]action\f[],
  107. \f[B]create\f[], \f[B]search\f[].
  108. There are also some calls which have no policy attached due to state
  109. being kept between calls.
  110. These categories can be assigned a policy which dictates how
  111. \f[B]mergerfs\f[] behaves.
  112. Any policy can be assigned to a category though some aren\[aq]t terribly
  113. practical.
  114. For instance: \f[B]rand\f[] (Random) may be useful for \f[B]create\f[]
  115. but could lead to very odd behavior if used for \f[B]search\f[].
  116. .SS Functional classifications
  117. .PP
  118. .TS
  119. tab(@);
  120. l l.
  121. T{
  122. Category
  123. T}@T{
  124. FUSE Functions
  125. T}
  126. _
  127. T{
  128. action
  129. T}@T{
  130. chmod, chown, link, removexattr, rename, rmdir, setxattr, truncate,
  131. unlink, utimens
  132. T}
  133. T{
  134. create
  135. T}@T{
  136. create, mkdir, mknod, symlink
  137. T}
  138. T{
  139. search
  140. T}@T{
  141. access, getattr, getxattr, ioctl, listxattr, open, readlink
  142. T}
  143. T{
  144. N/A
  145. T}@T{
  146. fallocate, fgetattr, fsync, ftruncate, ioctl, read, readdir, release,
  147. statfs, write
  148. T}
  149. .TE
  150. .PP
  151. \f[B]ioctl\f[] behaves differently if its acting on a directory.
  152. It\[aq]ll use the \f[B]getattr\f[] policy to find and open the directory
  153. before issuing the \f[B]ioctl\f[].
  154. In other cases where something may be searched (to confirm a directory
  155. exists across all source mounts) then \f[B]getattr\f[] will be used.
  156. .SS Policy descriptions
  157. .PP
  158. .TS
  159. tab(@);
  160. l l.
  161. T{
  162. Policy
  163. T}@T{
  164. Description
  165. T}
  166. _
  167. T{
  168. ff (first found)
  169. T}@T{
  170. Given the order of the drives act on the first one found (regardless if
  171. stat would return EACCES).
  172. T}
  173. T{
  174. ffwp (first found w/ permissions)
  175. T}@T{
  176. Given the order of the drives act on the first one found which you have
  177. access (stat does not error with EACCES).
  178. T}
  179. T{
  180. newest (newest file)
  181. T}@T{
  182. If multiple files exist return the one with the most recent mtime.
  183. T}
  184. T{
  185. mfs (most free space)
  186. T}@T{
  187. Use the drive with the most free space available.
  188. T}
  189. T{
  190. epmfs (existing path, most free space)
  191. T}@T{
  192. If the path exists on multiple drives use the one with the most free
  193. space and is greater than \f[B]minfreespace\f[].
  194. If no drive has at least \f[B]minfreespace\f[] then fallback to
  195. \f[B]mfs\f[].
  196. T}
  197. T{
  198. fwfs (first with free space)
  199. T}@T{
  200. Pick the first drive which has at least \f[B]minfreespace\f[].
  201. T}
  202. T{
  203. lfs (least free space)
  204. T}@T{
  205. Pick the drive with least available space but more than
  206. \f[B]minfreespace\f[].
  207. T}
  208. T{
  209. rand (random)
  210. T}@T{
  211. Pick an existing drive at random.
  212. T}
  213. T{
  214. all
  215. T}@T{
  216. Applies action to all found.
  217. For searches it will behave like first found \f[B]ff\f[].
  218. T}
  219. T{
  220. enosys, einval, enotsup, exdev, erofs
  221. T}@T{
  222. Exclusively return \f[C]\-1\f[] with \f[C]errno\f[] set to the
  223. respective value.
  224. Useful for debugging other applications\[aq] behavior to errors.
  225. T}
  226. .TE
  227. .SS Defaults
  228. .PP
  229. .TS
  230. tab(@);
  231. l l.
  232. T{
  233. Category
  234. T}@T{
  235. Policy
  236. T}
  237. _
  238. T{
  239. action
  240. T}@T{
  241. all
  242. T}
  243. T{
  244. create
  245. T}@T{
  246. epmfs
  247. T}
  248. T{
  249. search
  250. T}@T{
  251. ff
  252. T}
  253. .TE
  254. .SS rename & link
  255. .PP
  256. rename (http://man7.org/linux/man-pages/man2/rename.2.html) is a tricky
  257. function in a merged system.
  258. Normally if a rename can\[aq]t be done atomically due to the source and
  259. destination paths existing on different mount points it will return
  260. \f[C]\-1\f[] with \f[C]errno\ =\ EXDEV\f[].
  261. The atomic rename is most critical for replacing files in place
  262. atomically (such as securing writing to a temp file and then replacing a
  263. target).
  264. The problem is that by merging multiple paths you can have N instances
  265. of the source and destinations on different drives.
  266. This can lead to several undesirable situtations with or without errors
  267. and it\[aq]s not entirely obvious what to do when an error occurs.
  268. .PP
  269. Originally mergerfs would return EXDEV whenever a rename was requested
  270. which was cross directory in any way.
  271. This made the code simple and was technically complient with POSIX
  272. requirements.
  273. However, many applications fail to handle EXDEV at all and treat it as a
  274. normal error or they only partially support EXDEV (don\[aq]t respond the
  275. same as \f[C]mv\f[] would).
  276. Such apps include: gvfsd\-fuse v1.20.3 and prior, Finder / CIFS/SMB
  277. client in Apple OSX 10.9+, NZBGet, Samba\[aq]s recycling bin feature.
  278. .IP \[bu] 2
  279. If using a policy which tries to preserve directories (epmfs)
  280. .IP \[bu] 2
  281. Using the \f[C]rename\f[] policy get the list of files to rename
  282. .IP \[bu] 2
  283. For each file attempt rename:
  284. .RS 2
  285. .IP \[bu] 2
  286. If failure with ENOENT run \f[C]create\f[] policy
  287. .IP \[bu] 2
  288. If create policy returns the same drive as currently evaluating then
  289. clone the path
  290. .IP \[bu] 2
  291. Re\-attempt rename
  292. .RE
  293. .IP \[bu] 2
  294. If \f[B]any\f[] of the renames succeed the higher level rename is
  295. considered a success
  296. .IP \[bu] 2
  297. If \f[B]no\f[] renames succeed the first error encountered will be
  298. returned
  299. .IP \[bu] 2
  300. On success:
  301. .RS 2
  302. .IP \[bu] 2
  303. Remove the target from all drives with no source file
  304. .IP \[bu] 2
  305. Remove the source from all drives which failed to rename
  306. .RE
  307. .IP \[bu] 2
  308. If using a policy which does \f[B]not\f[] try to preserve directories
  309. .IP \[bu] 2
  310. Using the \f[C]rename\f[] policy get the list of files to rename
  311. .IP \[bu] 2
  312. Using the \f[C]getattr\f[] policy get the target path
  313. .IP \[bu] 2
  314. For each file attempt rename:
  315. .RS 2
  316. .IP \[bu] 2
  317. If the source drive != target drive:
  318. .IP \[bu] 2
  319. Clone target path from target drive to source drive
  320. .IP \[bu] 2
  321. Rename
  322. .RE
  323. .IP \[bu] 2
  324. If \f[B]any\f[] of the renames succeed the higher level rename is
  325. considered a success
  326. .IP \[bu] 2
  327. If \f[B]no\f[] renames succeed the first error encountered will be
  328. returned
  329. .IP \[bu] 2
  330. On success:
  331. .RS 2
  332. .IP \[bu] 2
  333. Remove the target from all drives with no source file
  334. .IP \[bu] 2
  335. Remove the source from all drives which failed to rename
  336. .RE
  337. .PP
  338. The the removals are subject to normal entitlement checks.
  339. .PP
  340. The above behavior will help minimize the likelihood of EXDEV being
  341. returned but it will still be possible.
  342. To remove the possibility all together mergerfs would need to perform
  343. the as \f[C]mv\f[] does when it receives EXDEV normally.
  344. .PP
  345. \f[C]link\f[] uses the same basic strategy.
  346. .SS readdir
  347. .PP
  348. readdir (http://linux.die.net/man/3/readdir) is different from all other
  349. filesystem functions.
  350. It certainly could have it\[aq]s own set of policies to tweak its
  351. behavior.
  352. At this time it provides a simple \f[B]first found\f[] merging of
  353. directories and files found.
  354. That is: only the first file or directory found for a directory is
  355. returned.
  356. Given how FUSE works though the data representing the returned entry
  357. comes from \f[B]getattr\f[].
  358. .PP
  359. It could be extended to offer the ability to see all files found.
  360. Perhaps concatenating \f[B]#\f[] and a number to the name.
  361. But to really be useful you\[aq]d need to be able to access them which
  362. would complicate file lookup.
  363. .SS statvfs
  364. .PP
  365. statvfs (http://linux.die.net/man/2/statvfs) normalizes the source
  366. drives based on the fragment size and sums the number of adjusted blocks
  367. and inodes.
  368. This means you will see the combined space of all sources.
  369. Total, used, and free.
  370. The sources however are dedupped based on the drive so multiple mount
  371. points on the same drive will not result in double counting it\[aq]s
  372. space.
  373. It is possible due to a race condition that the same drive could be
  374. double counted but it\[aq]s rather unlikely.
  375. .SH BUILDING
  376. .PP
  377. \f[B]NOTE:\f[] Prebuilt packages can be found at:
  378. https://github.com/trapexit/mergerfs/releases
  379. .PP
  380. First get the code from github (http://github.com/trapexit/mergerfs).
  381. .IP
  382. .nf
  383. \f[C]
  384. $\ git\ clone\ https://github.com/trapexit/mergerfs.git
  385. $\ #\ or
  386. $\ wget\ https://github.com/trapexit/mergerfs/archive/master.zip
  387. \f[]
  388. .fi
  389. .SS Debian / Ubuntu
  390. .IP
  391. .nf
  392. \f[C]
  393. $\ sudo\ apt\-get\ install\ g++\ pkg\-config\ git\ git\-buildpackage\ pandoc\ debhelper\ libfuse\-dev\ libattr1\-dev\ python
  394. $\ cd\ mergerfs
  395. $\ make\ deb
  396. $\ sudo\ dpkg\ \-i\ ../mergerfs_version_arch.deb
  397. \f[]
  398. .fi
  399. .SS Fedora
  400. .IP
  401. .nf
  402. \f[C]
  403. $\ su\ \-
  404. #\ dnf\ install\ rpm\-build\ fuse\-devel\ libattr\-devel\ pandoc\ gcc\-c++\ git\ make\ which\ python
  405. #\ cd\ mergerfs
  406. #\ make\ rpm
  407. #\ rpm\ \-i\ rpmbuild/RPMS/<arch>/mergerfs\-<verion>.<arch>.rpm
  408. \f[]
  409. .fi
  410. .SS Generically
  411. .PP
  412. Have git, python, pkg\-config, pandoc, libfuse, libattr1 installed.
  413. .IP
  414. .nf
  415. \f[C]
  416. $\ cd\ mergerfs
  417. $\ make
  418. $\ make\ man
  419. $\ sudo\ make\ install
  420. \f[]
  421. .fi
  422. .SH RUNTIME
  423. .SS \&.mergerfs pseudo file
  424. .IP
  425. .nf
  426. \f[C]
  427. <mountpoint>/.mergerfs
  428. \f[]
  429. .fi
  430. .PP
  431. There is a pseudo file available at the mount point which allows for the
  432. runtime modification of certain \f[B]mergerfs\f[] options.
  433. The file will not show up in \f[B]readdir\f[] but can be
  434. \f[B]stat\f[]\[aq]ed and manipulated via
  435. {list,get,set}xattrs (http://linux.die.net/man/2/listxattr) calls.
  436. .PP
  437. Even if xattrs are disabled the
  438. {list,get,set}xattrs (http://linux.die.net/man/2/listxattr) calls will
  439. still work.
  440. .SS Keys
  441. .PP
  442. Use \f[C]xattr\ \-l\ /mount/point/.mergerfs\f[] to see all supported
  443. keys.
  444. .SS Example
  445. .IP
  446. .nf
  447. \f[C]
  448. [trapexit:/tmp/mount]\ $\ xattr\ \-l\ .mergerfs
  449. user.mergerfs.srcmounts:\ /tmp/a:/tmp/b
  450. user.mergerfs.minfreespace:\ 4294967295
  451. user.mergerfs.moveonenospc:\ false
  452. user.mergerfs.policies:\ all,einval,enosys,enotsup,epmfs,erofs,exdev,ff,ffwp,fwfs,lfs,mfs,newest,rand
  453. user.mergerfs.version:\ x.y.z
  454. user.mergerfs.category.action:\ all
  455. user.mergerfs.category.create:\ epmfs
  456. user.mergerfs.category.search:\ ff
  457. user.mergerfs.func.access:\ ff
  458. user.mergerfs.func.chmod:\ all
  459. user.mergerfs.func.chown:\ all
  460. user.mergerfs.func.create:\ epmfs
  461. user.mergerfs.func.getattr:\ ff
  462. user.mergerfs.func.getxattr:\ ff
  463. user.mergerfs.func.link:\ all
  464. user.mergerfs.func.listxattr:\ ff
  465. user.mergerfs.func.mkdir:\ epmfs
  466. user.mergerfs.func.mknod:\ epmfs
  467. user.mergerfs.func.open:\ ff
  468. user.mergerfs.func.readlink:\ ff
  469. user.mergerfs.func.removexattr:\ all
  470. user.mergerfs.func.rename:\ all
  471. user.mergerfs.func.rmdir:\ all
  472. user.mergerfs.func.setxattr:\ all
  473. user.mergerfs.func.symlink:\ epmfs
  474. user.mergerfs.func.truncate:\ all
  475. user.mergerfs.func.unlink:\ all
  476. user.mergerfs.func.utimens:\ all
  478. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.category.search\ .mergerfs
  479. ff
  481. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.category.search\ ffwp\ .mergerfs
  482. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.category.search\ .mergerfs
  483. ffwp
  485. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.srcmounts\ +/tmp/c\ .mergerfs
  486. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.srcmounts\ .mergerfs
  487. /tmp/a:/tmp/b:/tmp/c
  489. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.srcmounts\ =/tmp/c\ .mergerfs
  490. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.srcmounts\ .mergerfs
  491. /tmp/c
  493. [trapexit:/tmp/mount]\ $\ xattr\ \-w\ user.mergerfs.srcmounts\ \[aq]+</tmp/a:/tmp/b\[aq]\ .mergerfs
  494. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.srcmounts\ .mergerfs
  495. /tmp/a:/tmp/b:/tmp/c
  496. \f[]
  497. .fi
  498. .SS user.mergerfs.srcmounts
  499. .PP
  500. For \f[B]user.mergerfs.srcmounts\f[] there are several instructions
  501. available for manipulating the list.
  502. The value provided is just as the value used at mount time.
  503. A colon (\[aq]:\[aq]) delimited list of full path globs.
  504. .PP
  505. .TS
  506. tab(@);
  507. l l.
  508. T{
  509. Instruction
  510. T}@T{
  511. Description
  512. T}
  513. _
  514. T{
  515. [list]
  516. T}@T{
  517. set
  518. T}
  519. T{
  520. +<[list]
  521. T}@T{
  522. prepend
  523. T}
  524. T{
  525. +>[list]
  526. T}@T{
  527. append
  528. T}
  529. T{
  530. \-[list]
  531. T}@T{
  532. remove all values provided
  533. T}
  534. T{
  535. \-<
  536. T}@T{
  537. remove first in list
  538. T}
  539. T{
  540. \->
  541. T}@T{
  542. remove last in list
  543. T}
  544. .TE
  545. .SS minfreespace
  546. .PP
  547. Input: interger with an optional multiplier suffix.
  548. \f[B]K\f[], \f[B]M\f[], or \f[B]G\f[].
  549. .PP
  550. Output: value in bytes
  551. .SS moveonenospc
  552. .PP
  553. Input: \f[B]true\f[] and \f[B]false\f[]
  554. .PP
  555. Ouput: \f[B]true\f[] or \f[B]false\f[]
  556. .SS categories / funcs
  557. .PP
  558. Input: short policy string as described elsewhere in this document
  559. .PP
  560. Output: the policy string except for categories where its funcs have
  561. multiple types.
  562. In that case it will be a comma separated list.
  563. .SS mergerfs file xattrs
  564. .PP
  565. While they won\[aq]t show up when using
  566. listxattr (http://linux.die.net/man/2/listxattr) \f[B]mergerfs\f[]
  567. offers a number of special xattrs to query information about the files
  568. served.
  569. To access the values you will need to issue a
  570. getxattr (http://linux.die.net/man/2/getxattr) for one of the following:
  571. .IP \[bu] 2
  572. \f[B]user.mergerfs.basepath:\f[] the base mount point for the file given
  573. the current getattr policy
  574. .IP \[bu] 2
  575. \f[B]user.mergerfs.relpath:\f[] the relative path of the file from the
  576. perspective of the mount point
  577. .IP \[bu] 2
  578. \f[B]user.mergerfs.fullpath:\f[] the full path of the original file
  579. given the getattr policy
  580. .IP \[bu] 2
  581. \f[B]user.mergerfs.allpaths:\f[] a NUL (\[aq]\[aq]) separated list of
  582. full paths to all files found
  583. .IP
  584. .nf
  585. \f[C]
  586. [trapexit:/tmp/mount]\ $\ ls
  587. A\ B\ C
  588. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.fullpath\ A
  589. /mnt/a/full/path/to/A
  590. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.basepath\ A
  591. /mnt/a
  592. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.relpath\ A
  593. /full/path/to/A
  594. [trapexit:/tmp/mount]\ $\ xattr\ \-p\ user.mergerfs.allpaths\ A\ |\ tr\ \[aq]\\0\[aq]\ \[aq]\\n\[aq]
  595. /mnt/a/full/path/to/A
  596. /mnt/b/full/path/to/A
  597. \f[]
  598. .fi
  599. .SH TOOLING
  600. .PP
  601. Find extra tooling to help with managing \f[C]mergerfs\f[] at:
  602. https://github.com/trapexit/mergerfs\-tools
  603. .IP \[bu] 2
  604. fsck.mergerfs: Provides permissions and ownership auditing and the
  605. ability to fix them
  606. .SH TIPS / NOTES
  607. .IP \[bu] 2
  608. If you don\[aq]t see some directories / files you expect in a merged
  609. point be sure the user has permission to all the underlying directories.
  610. If \f[C]/drive0/a\f[] has is owned by \f[C]root:root\f[] with ACLs set
  611. to \f[C]0700\f[] and \f[C]/drive1/a\f[] is \f[C]root:root\f[] and
  612. \f[C]0755\f[] you\[aq]ll see only \f[C]/drive1/a\f[].
  613. Use \f[C]fsck.mergerfs\f[] to audit the drive for out of sync
  614. permissions.
  615. .IP \[bu] 2
  616. Since POSIX gives you only error or success on calls its difficult to
  617. determine the proper behavior when applying the behavior to multiple
  618. targets.
  619. \f[B]mergerfs\f[] will return an error only if all attempts of an action
  620. fail.
  621. Any success will lead to a success returned.
  622. .IP \[bu] 2
  623. The recommended options are \f[B]defaults,allow_other\f[].
  624. The \f[B]allow_other\f[] is to allow users who are not the one which
  625. executed mergerfs access to the mountpoint.
  626. \f[B]defaults\f[] is described above and should offer the best
  627. performance.
  628. It\[aq]s possible that if you\[aq]re running on an older platform the
  629. \f[B]splice\f[] features aren\[aq]t available and could error.
  630. In that case simply use the other options manually.
  631. .IP \[bu] 2
  632. If write performance is valued more than read it may be useful to enable
  633. \f[B]direct_io\f[].
  634. Best to benchmark with and without and choose appropriately.
  635. .IP \[bu] 2
  636. Remember: some policies mixed with some functions may result in strange
  637. behaviors.
  638. Not that some of these behaviors and race conditions couldn\[aq]t happen
  639. outside \f[B]mergerfs\f[] but that they are far more likely to occur on
  640. account of attempt to merge together multiple sources of data which
  641. could be out of sync due to the different policies.
  642. .IP \[bu] 2
  643. An example: Kodi (http://kodi.tv) and Plex (http://plex.tv) can use
  644. directory mtime (http://linux.die.net/man/2/stat) to more efficiently
  645. determine whether to scan for new content rather than simply performing
  646. a full scan.
  647. If using the current default \f[B]getattr\f[] policy of \f[B]ff\f[] its
  648. possible \f[B]Kodi\f[] will miss an update on account of it returning
  649. the first directory found\[aq]s \f[B]stat\f[] info and its a later
  650. directory on another mount which had the \f[B]mtime\f[] recently
  651. updated.
  652. To fix this you will want to set \f[B]func.getattr=newest\f[].
  653. Remember though that this is just \f[B]stat\f[].
  654. If the file is later \f[B]open\f[]\[aq]ed or \f[B]unlink\f[]\[aq]ed and
  655. the policy is different for those then a completely different file or
  656. directory could be acted on.
  657. .IP \[bu] 2
  658. Due to previously mentioned issues its generally best to set
  659. \f[B]category\f[] wide policies rather than individual
  660. \f[B]func\f[]\[aq]s.
  661. This will help limit the confusion of tools such as
  662. rsync (http://linux.die.net/man/1/rsync).
  663. .SH Known Issues / Bugs
  664. .SS Samba
  665. .IP \[bu] 2
  666. Moving files or directories between some directories on a SMB share fail
  667. with IO errors.
  668. .RS 2
  669. .PP
  670. Workaround: Copy the file/directory and then remove the original rather
  671. than move.
  672. .PP
  673. This isn\[aq]t an issue with Samba but some SMB clients.
  674. GVFS\-fuse v1.20.3 and prior (found in Ubuntu 14.04 among others) failed
  675. to handle certain error codes correctly.
  676. Particularly \f[B]STATUS_NOT_SAME_DEVICE\f[] which comes from the
  677. \f[B]EXDEV\f[] which is returned by \f[B]rename\f[] when the call is
  678. crossing mount points.
  679. When a program gets an \f[B]EXDEV\f[] it needs to explicitly take an
  680. alternate action to accomplish it\[aq]s goal.
  681. In the case of \f[B]mv\f[] or similar it tries \f[B]rename\f[] and on
  682. \f[B]EXDEV\f[] falls back to a manual copying of data between the two
  683. locations and unlinking the source.
  684. In these older versions of GVFS\-fuse if it received \f[B]EXDEV\f[] it
  685. would translate that into \f[B]EIO\f[].
  686. This would cause \f[B]mv\f[] or most any application attempting to move
  687. files around on that SMB share to fail with a IO error.
  688. .PP
  689. GVFS\-fuse v1.22.0 (https://bugzilla.gnome.org/show_bug.cgi?id=734568)
  690. and above fixed this issue but a large number of systems use the older
  691. release.
  692. On Ubuntu the version can be checked by issuing
  693. \f[C]apt\-cache\ showpkg\ gvfs\-fuse\f[].
  694. Most distros released in 2015 seem to have the updated release and will
  695. work fine but older systems may not.
  696. Upgrading gvfs\-fuse or the distro in general will address the problem.
  697. .PP
  698. In Apple\[aq]s MacOSX 10.9 they replaced Samba (client and server) with
  699. their own product.
  700. It appears their new client does not handle \f[B]EXDEV\f[] either and
  701. responds similar to older release of gvfs on Linux.
  702. .RE
  703. .SS Supplemental groups
  704. .IP \[bu] 2
  705. Due to the overhead of
  706. getgroups/setgroups (http://linux.die.net/man/2/setgroups) mergerfs
  707. utilizes a cache.
  708. This cache is opportunistic and per thread.
  709. Each thread will query the supplemental groups for a user when that
  710. particular thread needs to change credentials and will keep that data
  711. for the lifetime of the mount or thread.
  712. This means that if a user is added to a group it may not be picked up
  713. without the restart of mergerfs.
  714. However, since the high level FUSE API\[aq]s (at least the standard
  715. version) thread pool dynamically grows and shrinks it\[aq]s possible
  716. that over time a thread will be killed and later a new thread with no
  717. cache will start and query the new data.
  718. .RS 2
  719. .PP
  720. The gid cache uses fixed storage to simplify the design and be
  721. compatible with older systems which may not have C++11 compilers (as the
  722. original design required).
  723. There is enough storage for 256 users\[aq] supplemental groups.
  724. Each user is allowed upto 32 supplemental groups.
  725. Linux >= 2.6.3 allows upto 65535 groups per user but most other *nixs
  726. allow far less.
  727. NFS allowing only 16.
  728. The system does handle overflow gracefully.
  729. If the user has more than 32 supplemental groups only the first 32 will
  730. be used.
  731. If more than 256 users are using the system when an uncached user is
  732. found it will evict an existing user\[aq]s cache at random.
  733. So long as there aren\[aq]t more than 256 active users this should be
  734. fine.
  735. If either value is too low for your needs you will have to modify
  736. \f[C]gidcache.hpp\f[] to increase the values.
  737. Note that doing so will increase the memory needed by each thread.
  738. .RE
  739. .SH FAQ
  740. .PP
  741. \f[I]It\[aq]s mentioned that there are some security issues with mhddfs.
  742. What are they? How does mergerfs address them?\f[]
  743. .PP
  744. mhddfs (https://github.com/trapexit/mhddfs) tries to handle being run as
  745. \f[B]root\f[] by calling
  746. getuid() (https://github.com/trapexit/mhddfs/blob/cae96e6251dd91e2bdc24800b4a18a74044f6672/src/main.c#L319)
  747. and if it returns \f[B]0\f[] then it will
  748. chown (http://linux.die.net/man/1/chown) the file.
  749. Not only is that a race condition but it doesn\[aq]t handle many other
  750. situations.
  751. Rather than attempting to simulate POSIX ACL behaviors the proper
  752. behavior is to use seteuid (http://linux.die.net/man/2/seteuid) and
  753. setegid (http://linux.die.net/man/2/setegid), become the user making the
  754. original call and perform the action as them.
  755. This is how mergerfs (https://github.com/trapexit/mergerfs) handles
  756. things.
  757. .PP
  758. If you are familiar with POSIX standards you\[aq]ll know that this
  759. behavior poses a problem.
  760. \f[B]seteuid\f[] and \f[B]setegid\f[] affect the whole process and
  761. \f[B]libfuse\f[] is multithreaded by default.
  762. We\[aq]d need to lock access to \f[B]seteuid\f[] and \f[B]setegid\f[]
  763. with a mutex so that the several threads aren\[aq]t stepping on one
  764. another and files end up with weird permissions and ownership.
  765. This however wouldn\[aq]t scale well.
  766. With lots of calls the contention on that mutex would be extremely high.
  767. Thankfully on Linux and OSX we have a better solution.
  768. .PP
  769. OSX has a non\-portable pthread
  770. extension (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man2/pthread_setugid_np.2.html)
  771. for per\-thread user and group impersonation.
  772. .PP
  773. Linux does not support
  774. pthread_setugid_np (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man2/pthread_setugid_np.2.html)
  775. but user and group IDs are a per\-thread attribute though documentation
  776. on that fact or how to manipulate them is not well distributed.
  777. From the \f[B]4.00\f[] release of the Linux man\-pages project for
  778. setuid (http://man7.org/linux/man-pages/man2/setuid.2.html)
  779. .RS
  780. .PP
  781. At the kernel level, user IDs and group IDs are a per\-thread attribute.
  782. However, POSIX requires that all threads in a process share the same
  783. credentials.
  784. The NPTL threading implementation handles the POSIX requirements by
  785. providing wrapper functions for the various system calls that change
  786. process UIDs and GIDs.
  787. These wrapper functions (including the one for setuid()) employ a
  788. signal\-based technique to ensure that when one thread changes
  789. credentials, all of the other threads in the process also change their
  790. credentials.
  791. For details, see nptl(7).
  792. .RE
  793. .PP
  794. Turns out the setreuid syscalls apply only to the thread.
  795. GLIBC hides this away using RT signals to inform all threads to change
  796. credentials.
  797. Taking after \f[B]Samba\f[] mergerfs uses
  798. \f[B]syscall(SYS_setreuid,...)\f[] to set the callers credentials for
  799. that thread only.
  800. Jumping back to \f[B]root\f[] as necessary should escalated privileges
  801. be needed (for instance: to clone paths).
  802. .PP
  803. For non\-Linux systems mergerfs uses a read\-write lock and changes
  804. credentials only when necessary.
  805. If multiple threads are to be user X then only the first one will need
  806. to change the processes credentials.
  807. So long as the other threads need to be user X they will take a readlock
  808. allow multiple threads to share the credentials.
  809. Once a request comes in to run as user Y that thread will attempt a
  810. write lock and change to Y\[aq]s credentials when it can.
  811. If the ability to give writers priority is supported then that flag will
  812. be used so threads trying to change credentials don\[aq]t starve.
  813. This isn\[aq]t the best solution but should work reasonably well.
  814. As new platforms are supported if they offer per thread credentials
  815. those APIs will be adopted.
  816. .SH SUPPORT
  817. .SS Issues with the software
  818. .IP \[bu] 2
  819. github.com: https://github.com/trapexit/mergerfs/issues
  820. .IP \[bu] 2
  821. email: trapexit\@spawn.link
  822. .SS Support development
  823. .IP \[bu] 2
  824. Gratipay: https://gratipay.com/~trapexit
  825. .IP \[bu] 2
  826. BitCoin: 12CdMhEPQVmjz3SSynkAEuD5q9JmhTDCZA
  827. .SH AUTHORS
  828. Antonio SJ Musumeci <trapexit@spawn.link>.