FreeBSD Manual Pages
@PROGRAM_NAME@(8) System Manager's Manual @PROGRAM_NAME@(8) NAME @PROGRAM_NAME@ - Mount a WebDAV resource as @PACKAGE@ file system SYNOPSIS @PROGRAM_NAME@ [-h | --help] [-V | --version] mount {dir | webdavserver} SYNOPSIS (root only) mount -t davfs [-o option[,...]] webdavserver dir @PROGRAM_NAME@ [-o option[,...]] webdavserver dir DESCRIPTION @PROGRAM_NAME@ allows you to mount the WebDAV resource identified by webdavserver into the local filesystem at dir. WebDAV is an extension to HTTP that allows remote, collaborative authoring of Web resources, defined in RFC 4918. @PROGRAM_NAME@ is part of @PACKAGE@. @PACKAGE@ allows documents on a remote Web server to be edited using standard applications. For example, a remote Web site could be updated in-place using the same development tools that initially created the site. Or you may use a WebDAV resource for documents you want to ac- cess and edited from different locations. @PACKAGE@ supports TLS/SSL (if the neon library supports it) and prox- ies. @PROGRAM_NAME@ runs as a daemon in userspace. It integrates into the virtual file system by the fuse kernel files system. Currently FUSE_KERNEL_VERSION 7 is supported. @PROGRAM_NAME@ is usually invoked by the mount(8) command when using the -t davfs option. After mounting it runs as a daemon. To unmount the umount(8) command is used. webdavserver is the URL of the server. It must at least contain the host name. It may additionally contain the scheme, the port and the path. Missing components are set to sensible default values. The path component must not be %-encoded, but when entering the URL at the com- mand line or in /etc/fstab the escaping rules of the shell or fstab must be obeyed. dir is the mountpoint where the WebDAV resource is mounted on. It may be an absolute or relative path. fstab may be used to define mounts and mount options as usual. In place of the device the url of the WebDAV server must be given. There must not be more than one entry in fstab for every mountpoint. OPTIONS -V --version Output version. -h --help Print a help message. -o A comma-separated list defines mount options to be used. Avail- able options are: [no]auto Can (not) be mounted with mount -a. Default: auto. comment=some comment This option is ignored by @PROGRAM_NAME@ but other pro- grams may require it to be present in fstab. conf=absolute path An alternative user configuration file. This option is intended for cases where the default user configuration file in the users home directory can not be used. Default: ~/.@PACKAGE@/@CONFIGFILE@ [no]dev (Do not) interpret character or block special devices on the file system. This option is only included for compatibility with the mount(8) program. It will always be set to nodev dir_mode=mode The default mode bits for directories in the mounted file system. Value given in octal. s-bits for user and group are always silently ignored. Default: calculated from the umask of the mounting user; an x-bit is associated to every r-bit in u-g-o. [no]exec (Do not) allow execution of any binaries on the mounted file system. Default: exec. (When mounting as an ordinary user, the mount(8) program will set the default to noexec.) file_mode=mode The default mode bits for files in the mounted file sys- tem. Value given in octal. s-bits for user and group are always silently ignored. Default: calculated from the umask of the mounting user; no x-bits are set for files. gid=group The group the mounted file system belongs to. It may be a numeric ID or a group name. The mounting user, if not root, must be member of this group. Default: the primary group of the mounting user. [no]grpid When this option is set a newly created file will take the group id of the directory in which it is created. This will also apply to all files that are on the server and not in the local cache. (That is because the group id is not stored on the server.) If the group id of the directory is root this option is ignored. Default: nogrpid. [no]_netdev The file system needs a (no) network connection for oper- ation. This information allows the operating system to handle the file system properly at system start and when the network is shut down. Default: _netdev ro Mount the file system read-only. Default: rw. rw Mount the file system read-write. Default: rw. [no]suid Do not allow set-user-identifier or set-group-identifier bits to take effect. This option is only included for compatibility with the mount program. It will always be set to nosuid. [no]user (Do not) allow an ordinary user to mount the file system. The name of the mounting user is written to mtab so that he can unmount the file system again. Option user implies the options noexec, nosuid and nodev (unless overridden by subsequent options). This option makes only sense when set in fstab. Default: ordinary users are not allowed to mount. users Like user, but any user is allowed to unmount the file system, not only the mounting user. This is generally not recommended. If the user option allows an unprivileged user to mount, but unmounting by the mounting user fails the users may be a work around. Default: only the mounting user is allowed to unmount the file system. uid=user The owner of the mounted file system. It may be a numeric ID or a user name. Only when mounted by root, this may be different from the mounting user. Default: ID of the mounting user. username=WebDAV_user Use this name to authenticate with the WebDAV server. This option is intended for use with pam_mount only. When this option is set the credentials in the secrets files will be ignored. The password will always be read from stdin, even when option askauth is set to 0. Do not use it in fstab. The username will be visible for everyone in the output of ps. Default: no username. SECURITY POLICY @PROGRAM_NAME@ needs root privileges for mounting. But running a dae- mon, that is connected to the internet, with root privileges is a secu- rity risk. So @PROGRAM_NAME@ will change its uid and gid when entering daemon mode. When invoked by root @PROGRAM_NAME@ will run as user @USER@ and group @GROUP@. This may be changed in @SYS_CONF_DIR@/@CONFIG- FILE@. When invoked by an ordinary user it will run with the id of this user and with group @GROUP@. As the file system may be mounted over an insecure internet connection, this increases the risk that malicious content may be included in the file system. So @PROGRAM_NAME@ is slightly more restrictive than mount(8). Options nosuid and nodev will always be set; even root can not change this. For ordinary users to be able to mount, they must be member of group @GROUP@ and there must be an entry in fstab. When the mount point given in fstab is a relative file name and the file system is mounted by an unprivileged user, the mount point must lie within the home directory of the mounting user. If in fstab option uid and/or gid are given, an ordinary user can only mount, if her uid is the one given in option uid and he belongs to the group given in option gid. WARNING: If root allows an ordinary user to mount a file system (using fstab) this includes the permission to read the associated credentials from @SYS_CONF_DIR@/@SECRETSFILE@ as well as the private key of the as- sociated client certificate and the mounting user may get access to this information. You should only do this, if you might as well give this information to the user directly. URLS AND MOUNT POINTS WITH SPACES Special characters like spaces in pathnames are a mess. They are inter- preted differently by different programs and protocols, and there are different rules for escaping. In fstab spaces must be replaced by a three digit octal escape se- quence. Write http://foo.bar/path\040with\040spaces instead of http://foo.bar/path with spaces. For the @CONFIGFILE@ and the @SECRETSFILE@ files please see the escape and quotation rules described in the @CONFIGFILE@(5) man page. On command line you must obey the escaping rules of the shell. CACHING @PROGRAM_NAME@ tries to reduce HTTP-trafic by caching and reusing data. Information about directories and files are held in memory, while down- loaded files are cached on disk. @PROGRAM_NAME@ needs to hold a local copy of all open files in the cache directory. Please make sure that enough local disk space is available. @PROGRAM_NAME@ will consider cached information about directories and file attributes valid for a configurable time and look up this informa- tion on the server only after this time has expired (or there is other evidence that this information is stale). So if somebody else creates or deletes files on the server it may take some time before the local file system reflects this. This will not affect the content of files and directory listings. When- ever a file is opened, the server is looked up for a newer version of the file. Please consult the manual @CONFIGFILE@(5) to see how can you configure this according your needs. LOCKS, LOST UPDATE PROBLEM AND BACKUP FILES WebDAV introduced locks and @PROGRAM_NAME@ uses them by default. This will in most cases prevent two people from changing the same file in parallel. But not always: You might have disabled locks in @SYS_CONF_DIR@/@CONFIGFILE@ or ~/.@PACKAGE@/@CONFIGFILE@. The server might not support locks (they are not mandatory). A bad connection might prevent @PROGRAM_NAME@ from refreshing the lock in time. Another WebDAV-client might use your lock (that is not too dif- ficult and might even happen without intention). @PROGRAM_NAME@ will therefore check if the file has been changed on the the server before it uploads a new version. If it finds it impossible to upload the locally changed file, it will store it in the local backup directory lost+found. You should check this directory from time to time and decide what to do with this files. Sometimes locks held by some client on the server will not be released. Maybe the client crashes or the network connection fails. When @PRO- GRAM_NAME@ finds a file locked on the server, it will check whether the lock is held by @PROGRAM_NAME@ and the current user, and if so tries to reuse and release it. But this will not always succeed. So servers should automatically release locks after some time, when they are not refreshed by the client. WebDAV allows one to lock files that don't exist (to protect the name when a client intends to create a new file). This locks will be dis- played as files with size 0 and last modified date of 1970-01-01. If this locks are not released properly @PROGRAM_NAME@ may not be able to access this files. You can use cadaver(1) <http://www.webdav.org/ca- daver/> to remove this locks. FILE OWNER AND PERMISSIONS @PACKAGE@ implements Unix permissions for access control. But changing owner and permissions of a file is only local. It is intended as a means for the owner of the file system, to control whether other local users may access this file system. The server does not know about this. From the servers point of view there is just one user (identified by the credentials) connected. An- other WebDAV-client, connected to the same server, is not affected by this local changes. There is one exception: The execute bit on files is stored as a prop- erty on the sever. You may think of this property as an information about the type of file rather than a permission. Whether the file is executable on the local system is still controlled by mount options and local permissions. When the file system is unmounted, attributes of cached files (includ- ing owner and permissions) are stored in cache, as well as the attrib- uts of the directories they are in. But there is no information stored about directories that do not contain cached files. FILES @SYS_CONF_DIR@/@CONFIGFILE@ System wide configuration file. ~/.@PACKAGE@/@CONFIGFILE@ Configuration file in the users home directory.The user configu- ration takes precedence over the system wide configuration. If it does not exist, @PROGRAM_NAME@ will will create a template file. @SYS_CONF_DIR@/@SECRETSFILE@ Holds the credentials for WebDAV servers and the proxy, as well as decryption passwords for client certificates. The file must be read-writable by root only. ~/.@PACKAGE@/@SECRETSFILE@ Holds credentials for WebDAV servers and proxy, as well as de- cryption passwords for client certificates. The file must be read-writable by the owner only. Credentials are first looked up in the home directory of the mounting user. If not found there the system wide secrets file is consulted. If no creditentials and passwords are found they are asked from the user interac- tively (if not disabled). If the file does not exist, @PRO- GRAM_NAME@ will will create a template file. @SYS_CONF_DIR@/@CERTS_DIR@ You may store trusted server certificates here, that can not be verified by use of the system wide CA-Certificates. This is use- ful when your server uses a selfmade certificate. You must con- figure the servercert option in @SYS_CONF_DIR@/@CONFIGFILE@ or ~/.@PACKAGE@/@CONFIGFILE@ to use it. Certificates must be in PEM format. Be sure to verify the certificate. ~/.@PACKAGE@/@CERTS_DIR@ You may store trusted server certificates here, that can not be verified by use of the system wide CA-Certificates. This is use- ful when your server uses a selfmade certificate. You must con- figure the servercert option in ~/.@PACKAGE@/@CONFIGFILE@ to use it. Certificates must be in PEM format. Be sure to verify the certificate. @SYS_CONF_DIR@/@CERTS_DIR@/@CLICERTS_DIR@ To store client certificates. Certificates must be in PKCS#12 format. You must configure the clientcert option in @SYS_CONF_DIR@/@CONFIGFILE@ or ~/.@PACKAGE@/@CONFIGFILE@ to use it. This directory must be rwx by root only. ~/.@PACKAGE@/@CERTS_DIR@/@CLICERTS_DIR@ To store client certificates. Certificates must be in PKCS#12 format. You must configure the clientcert option in ~/.@PACK- AGE@/@CONFIGFILE@ to use it. This directory must be rwx by the owner only. @SYS_RUN@ PID-files of running mount.davfs processes are stored there. This directory must belong to group @USER@ with write permis- sions for the group and the sticky-bit set (mode 1775). The PID-files are named after the mount point of the file system. @SYS_CACHE_DIR@ System wide directory for cached files. Used when the file sys- tem is mounted by root. It must belong do group @USER@ and read, write and execute bits for group must be set. There is a subdi- rectory for every mounted file system. The names of this subdi- rectories are created from url, mount point and user name. ~/.@PACKAGE@/cache Cache directory in the mounting users home directory. For every mounted WebDAV resource a subdirectory is created. @PROGRAM_NAME@ will try to create missing directories, but it will not touch @SYS_CONF_DIR@. ENVIRONMENT DAVFS_PASSWORD If set, this environment variable will be used as the password for WebDAV authentication if no password is specified via the command line option and in preference to anything found in se- crets files. This allows for scripted mounting without storing passwords in files or exposing them in command line arguments; especially relevant in the context of CI runners. https_proxy http_proxy all_proxy If no proxy is defined in the configuration file the value is taken from this environment variables. The proxy may be given with or without scheme and with or without port http_proxy=[http://]foo.bar[:3218] Only used when the mounting user is root. no_proxy A comma separated list of domain names that shall be accessed directly. * matches any domain name. A domain name starting with . (period) matches all subdomains. Only used when the mounting user is root. Not applied when the proxy is defined in @SYS_CONF_DIR@. EXAMPLES Non root user (e.g. filomena): To allow an ordinary user to mount there must be an entry in fstab http://webdav.org/dav /media/dav davfs noauto,user 0 0 If a proxy must be used this should be configured in @SYS_CONF_DIR@/@CONFIGFILE@ proxy proxy.mycompany.com:8080 Credentials are stored in /home/filomena/.@PACKAGE@/@SECRETSFILE@ proxy.mycompany.com filomena "my secret" /media/dav webdav-username password If you have two-factor authentication enabled and if you can provide the token together with the password in the form of password:token, then add the string '2FA' as the forth parameter and you will be asked for token during mounting. /media/dav user-name "p@ss\"w0rd" 2FA Now the WebDAV resource may be mounted by user filomena invoking mount /media/dav and unmounted by user filomena invoking umount /media/dav Root user only: Mounts the resource https://asciigirl.com/webdav at mount point /mount/site, encrypting all traffic with SSL. Credentials for http://webdav.org/dav will be looked up in @SYS_CONF_DIR@/@SECRETS- FILE@, if not found there the user will be asked. mount -t davfs -o uid=otto,gid=users,mode=775 https://asci- igirl.com/webdav /mount/site Mounts the resource http://linux.org.ar/repos at /dav. mount.davfs -o uid=otto,gid=users,mode=775 http://linux.org.ar/repos/ /dav BUGS @PACKAGE@ does not support links. A @PACKAGE@ file system cannot be moved with mount --move. AUTHORS This man page was written by Luciano Bello <luciano@linux.org.ar> for Debian, for version 0.2.3 of davfs2. It has been updated for this version by Werner Baumann <werner.bau- mann@onlinhome.de>. @PACKAGE@ is developed by Sung Kim <hunkim@gmail.com>. Version 1.0.0 (and later) of @PACKAGE@ is a complete rewrite by Werner Baumann. DAVFS2 HOME @PACKAGE_BUGREPORT@ SEE ALSO u@PROGRAM_NAME@(8), @CONFIGFILE@(5), mount(8), umount(8), fstab(5) @PACKAGE_STRING@ 2020-08-03 @PROGRAM_NAME@(8)
NAME | SYNOPSIS | SYNOPSIS (root only) | DESCRIPTION | OPTIONS | SECURITY POLICY | URLS AND MOUNT POINTS WITH SPACES | CACHING | LOCKS, LOST UPDATE PROBLEM AND BACKUP FILES | FILE OWNER AND PERMISSIONS | FILES | ENVIRONMENT | EXAMPLES | BUGS | AUTHORS | DAVFS2 HOME | SEE ALSO
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=mount.davfs&sektion=8&manpath=FreeBSD+Ports+15.0>