Calvin's Blog

fstab and noauto

· 3min · Calvin Yong
Table of Contents

I usually prefer to explicitly mount my filesystems rather than automount them with /etc/fstab. I like keeping files outside my root partition away from it until I need them. I could try using systemd automounts, but I didn't fancy the idea too much. At the same time, sometimes I wish I could use additional filesystem features like compression without having to type in the mount options in every explicit mount command. I found out that using fstab with the noauto option resolves that issue.

Using /etc/fstab and noauto

The fstab option noauto makes it so that your filesystem does not get automatically mounted, and that the device must be explicitly mounted. The main reason why I like the noauto option is to shortcut/alias mount commands. To illustrate that, first I'll show an explicit mount command:

sudo mount /dev/sda1 /mnt

If we run that command, linux will mount it with the default kernel and filesystem options. Now I'll write an equivalent fstab entry for /dev/sda1. Say it has UUID e4a231b7-8f35-486e-a7ec-64580e01572e (see this on how to find the UUID) and filesystem btrfs.

UUID=e4a231b7-8f35-486e-a7ec-64580e01572e /mnt btrfs defaults,noauto 0 0

If fstab were to mount that entry, we would mount the same filesystem in the same mount point with the same mount options, as if we were to explicitly mount it. But now we have some benefits. One benefit is if we were to omit either the partition or the mount point, mount can still mount the filesystem since it can look up the omitted information in fstab.

The second benefit, and what made me use fstab more often, is being able to set mount options for explicit mounts, without automounting the fstab entry. Below are some mount options for hardening and to enable compression on btrfs:

UUID=e4a231b7-8f35-486e-a7ec-64580e01572e /mnt btrfs defaults,noauto,noexec,nodev,nosuid,compress=zstd:5 0 0

Now if I run the following (after reloading the systemd manager configuration with systemctl daemon-reload):

sudo mount /mnt

I'll get btrfs compression using zstd level 5, and some hardening features:

  • noexec to prevent execution of any binaries on the filesystem (shell scripts can bypass this though)
  • nodev to disallow special device files
  • nosuid to not honor setuid and setgid bits or file capabilities

and I can choose to shorten the command by omitting either the device or the mountpoint.

Verifying fstab entries

We can verify the fstab entries with

sudo findmnt --verify --verbose

sudo is needed to check that the filesystem type is correct.

Resources