The /etc/fstab (FileSystem TABle) configuration file is used by programs
such as fsck, mount, and umount each time they are invoked to determine how,
when, and where partitions should be mounted. During the bootstrap phase,
the kernel also reads this file and mounts partitions in the order in which
they appear. The /etc/fstab also specifies options for filesystem mounting
such as filesystem type and controlling access permissions.
The following is an example of the /etc/fstab:
# 1                2                3      4                 5  6
# device           mount-point      type   options           d  c
/dev/hda2          /                ext2   defaults          1  1
/dev/fd0           /mnt/floppy      auto   noauto,users,rw   0  0
/dev/cdrom         /mnt/cdrom       auto   noauto,user,ro    0  0
snoopy:/mnt/cdrom  /mnt/snoopy_cd   nfs    noauto,user,rw    0  0
//sapphire/cdr     /mnt/cdr         smbfs  noauto            0  0
The 6 fstab Table Fields:
1. Filesystem to be Mounted. Specifies the device or filesystem to be mounted.
It may be local (like one of your hard drives' partitions) or remote (such
as an NFS share on another computer).
2. The Mount Point. This is the name of the directory on which you want to
mount the filesystem. The mount point must pre-exist. If the mount point is
not empty, its contents will be unavailable as long as the new filesystem is
mounted in its place. Note: You cannot mount or unmount a filesystem that
is in use.
3. The Filesystem Type. Specifies the format of the filesystem (e.g. ext2,
msdos, nfs, etc.) A list of commonly used filesystems is provided below.
4. Mount Options. A comma separated list of mount options for the filesystem.
5. Dump Parameters. This field is used by the dump utility to determine which
filesystems should be backed up when dump is invoked. A 0 tells dump that
the filesystem does not need to be dumped. A 1 indicates that it should.
If you don't use dump, it doesn't matter what you set the field to.
6. Check Sequence Number. Used by fsck to determine the order in which to
conduct filesystem integrity checks during reboot. This field may use
a 0, 1, or 2. A 0 indicates that no check is needed (used for cdrom, proc,
swap). A 1 indicates that the filesystem should be checked first (used for
the root partition). A 2 should be used for any other filesystems that could
become corrupt. These will be checked after the / filesystem.
Linux can support many different filesystems (more than 20). You can view a
listing of filesystems currently in use by your kernel in the file
/proc/filesystems. These will correspond to your currently mounted
filesystems, which you can list with cat /etc/mtab or by entering the command
mount by itself.
Common Filesystems:
ext2     - Linux native filesystem
iso9660  - CDROM
swap     - The Linux swap partition
vfat     - Windows 95/98 filesystems including FAT32
NFS      - Network File System
NTFS     - Windows NT file system
msdos    - DOS without long filename support (the old 8.3 standard)
hpfs     - OS/2
auto     - Linux will attempt to determine which filesystem is on
           the disk and mount it accordingly
smbfs    - If you have the Samba package installed, you can also use
           the smbfs for connecting to Windows shares
Here is a list of mount options. You can get the complete low-down on these
options and more by reading man fstab, man mount, and man nfs.
Universal Mount Options:
auto     - Filesystem will be mounted at boot time automatically or
           when mount -a is run
noauto   - Filesystem must be mounted manually with the mount
           command
defaults - Mounts the filesystem with the options:
           rw, suid, dev, exec, auto, nouser, and async
suid     - Honor the set-user-ID and set-group-ID bits on files,
           if present
nosuid   - Ignore the set-user-ID and set-group-ID bits on files, so
           programs on this filesystem cannot use them to change
           user or group ID
ro       - Mounts the filesystem as read-only
rw       - Mounts the filesystem as read-write
user     - Allows anyone to mount the filesystem. Only root or the
           user who mounted the filesystem is allowed to unmount it.
           This option also implies noexec, nosuid, and nodev unless
           specified otherwise
users    - Allows anyone to mount the filesystem and anyone to
           unmount it, regardless of who originally mounted it.
           This option also implies noexec, nosuid, and nodev unless
           specified otherwise
nouser   - Allows only root to mount the filesystem
owner    - I have not found any documentation on this setting even
           though it is the default for CDROM and floppy drives in
           RedHat's install. It appears to function like the
           'nouser' setting
exec     - Permit executable programs to be run from the mounted
           filesystem
noexec   - Do not permit the execution of programs from this
           filesystem
sync     - No buffering of file writes. This will force modified
           files to be written directly to disk instead of sitting
           around in memory. This is a good option for floppy disks
async    - Input and output to the device should be done
           asynchronously
dev      - Allows any character or block devices contained on the
           filesystem to be interpreted
nodev    - Prevents any character or block devices contained on the
           filesystem from being interpreted
When using the 'auto' option (often used for removable media), the order in
which filesystem types are probed to decide how to mount the filesystem is
determined by the contents of the file '/etc/filesystems'. You may want to
ensure that 'vfat' comes before 'msdos' in this file because msdos will mount
on a vfat filesystem but you will not have access to long filenames.
Special Mount Options for vfat, fat, msdos, and iso9660:
umask=n  - Sets the default umask to 'n', where 'n' is a value you
           choose. Useful for DOS and OS/2 disks to assign access
           rights, since they support none natively. The default is
           to set the umask to that of the user or process mounting
           the filesystem.
uid=n    - Sets the default user id to 'n', where 'n' is a value you
           choose. Useful for DOS and OS/2 disks to assign access
           rights, since they support none natively. The default is
           to set the uid to that of the user or process mounting
           the filesystem.
gid=n    - Sets the default group id to 'n', where 'n' is a value
           you choose. Useful for DOS and OS/2 disks to assign
           access rights, since they support none natively. The
           default is to set the gid to that of the user or process
           mounting the filesystem.
Special Mount Options for NFS:
rsize=4096,
wsize=4096 - These settings change the read/write buffer sizes from
             their default of 1024 to 4096, a size reputed to improve
             performance on Solaris and Intel-based systems. The NFS
             Howto provides instructions on benchmarking and
             optimizing the settings for your network.
hard,intr  - To quote from the mount man page: The program accessing
             a file on a NFS mounted filesystem will hang when the
             server crashes. The process cannot be interrupted or
             killed unless you also specify intr. When the NFS server
             is back online the program will continue undisturbed
             from where it was. This is probably what you want.
soft       - Again to quote from the mount man pages: This option
             allows the kernel to time out if the NFS server is not
             responding for some time. The time can be specified with
             timeo=time. This option might be useful if your NFS
             server sometimes doesn't respond or will be rebooted
             while some process tries to get a file from the server.
             Usually it just causes lots of trouble.
Filesystem Security
Some filesystems may contain sensitive data. These filesystems may need to
be mounted for certain users while other users should not be able to access
them. The '/etc/fstab' is a good place to implement security in regard to
who can and who cannot access certain filesystems.
A simple example of filesystem security is a dual boot PC. If you have a PC
that dual boots both Windows and a Unix operating system, you would not want
to allow access to your 'c:' drive by users who are not completely trusted.
If you create accounts on your system for friends who access your dual boot
PC through the internet, they should not have access to your 'c:' drive
although you may need access to data on that filesystem for your own personal
use (documents, letters, love poems, etc.). Another example of sensitive data
is your Windows 9x registry, which often contains 'plaintext' passwords you
may use in the Windows environment. Also, your dialup networking passwords to
internet accounts are held in an easily cracked file within the Windows
directory.
The problem is that Windows 9x's vfat and fat32 filesystems do not hold
extended information about who owns the file and what permissions the file
has in regards to security. The normal Unix filesystems store security
information and you do not have to be concerned about sensitive data being
read by normal users (when you implement normal security standards).
So, when you mount your 'c:' filesystem, anyone will be able to at least
read all the data on the filesystem. The lack of security in the Windows 9x
filesystems is due to the fact that it was designed for a PC or PERSONAL
Computer that is normally only used by the owner.
The good news is that Unix operating systems have a method to implement
security on these filesystems. The following is an example of how I set up
security for the Windows 9x (vfat) filesystems on a Linux machine:
First of all, I wanted only certain (trusted) users to be able to access the
vfat partitions. I needed to set up a 'group' such that, when a user belongs
to that group, read permissions are granted, while other users not being
members of that group are denied. Most systems come with a group called 'disk'
already registered in the '/etc/group' file. I chose to use that group as
the group which would be granted read permissions (you could however, add
a group of your own choice to the file).
In the '/etc/fstab' file, you will set up the filesystem like normal with a
few options that are not normally used. Here is an example of a vfat
filesystem setup with no real security:
/dev/hda1 /mnt/c vfat defaults 0 0
We are going to change the options field currently set to 'defaults' to be
more secure and only allow access to users belonging to the group named
'disk'.
First we need to find out the numeric id, or 'gid', of the group 'disk'. You
can find this number by reading the '/etc/group' file. My 'disk' group's gid
is 6. The following is added to the options:
/dev/hda1 /mnt/c vfat gid=6 0 0
Now, when the 'c:' filesystem is mounted, all files will belong to the group
'disk' with 'root' as the owner. Note that you can change the owner of all
the files with the 'uid=n' option but it is not necessary unless you have
a special need.
Next, we need to set up access permissions with the 'umask=nnn' option. The
umask option is specified as 3 octal digits, like the mode given to the
'chmod' command. If you are not familiar with the umask feature, try
'man umask'. I set my umask to '027' which will be as if all files on the
'c:' filesystem were chmod 750, which gives the owner 'root' full privileges,
the group 'disk' read and execute permissions, and other (any users not
belonging to the group 'disk') no access permissions. All files on the 'c:'
filesystem will have 'rwxr-x---' permissions with 'root' as the owner and
'disk' as the group.
/dev/hda1 /mnt/c vfat gid=6,umask=027 0 0
Now, you can mount the Windows 9x 'c:' filesystem and normal users will not
be able to read data located on it.
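
The hardening steps above can be checked mechanically. The following Python
sketch is an added example, not part of the original page: it parses fstab
text, computes the mode that a umask= option yields on a FAT mount, and flags
user/users entries that re-enable exec, suid or dev afterwards. The 022
fallback umask, the /dev/sda1 line and all function names are assumptions
made for illustration.

```python
FAT_TYPES = {"vfat", "fat", "msdos"}
ASSUMED_PROCESS_UMASK = 0o022  # assumption: umask of the process running mount

# Constructed sample: entries from this page plus one illustrative user,exec line.
SAMPLE_FSTAB = """\
# device   mount-point  type  options                     d c
/dev/fd0   /mnt/floppy  auto  noauto,users,rw             0 0
/dev/hda1  /mnt/c       vfat  defaults                    0 0
/dev/sda1  /mnt/usb     vfat  noauto,user,exec,umask=027  0 0
"""
HARDENED_LINE = "/dev/hda1 /mnt/c vfat gid=6,umask=027 0 0"

def parse_fstab(text):
    """Split each non-comment line into fields; keep the first four."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 4:
            raise ValueError(f"malformed fstab line: {line!r}")
        entries.append({"device": fields[0], "mount_point": fields[1],
                        "type": fields[2], "options": fields[3].split(",")})
    return entries

def effective_mode(options):
    """Mode every file shows on a FAT mount: 0777 with the umask bits cleared."""
    umask = ASSUMED_PROCESS_UMASK
    for opt in options:
        if opt.startswith("umask="):
            umask = int(opt.split("=", 1)[1], 8)
    return 0o777 & ~umask

def audit(entry):
    """Return findings for one entry, using only rules stated on this page."""
    findings, opts = [], entry["options"]
    if entry["type"] in FAT_TYPES and effective_mode(opts) & 0o004:
        findings.append(f"world-readable, mode {effective_mode(opts):03o}")
    # user/users imply noexec,nosuid,nodev unless a later option overrides them.
    user_at = [i for i, o in enumerate(opts) if o in ("user", "users")]
    for opt in opts[user_at[-1] + 1:] if user_at else []:
        if opt in ("exec", "suid", "dev"):
            findings.append(f"user-mountable with {opt}")
    return findings

def audit_fstab(text):
    """Map mount point -> findings, omitting entries with nothing to report."""
    report = {e["mount_point"]: audit(e) for e in parse_fstab(text)}
    return {mp: found for mp, found in report.items() if found}
```

Calling audit_fstab(SAMPLE_FSTAB) reports /mnt/c and /mnt/usb, while
audit_fstab(HARDENED_LINE) returns an empty result for the gid=6,umask=027
entry.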