Skip to content

Mounting

Joachim Metz edited this page Jan 1, 2020 · 4 revisions

Introduction

To mount a Volume Service Snapshot (VSS) volume you can use vshadowmount.

There is support for the following back-ends:

  • Dokan library
  • fuse
  • OSXFuse

To build vshadowmount see Building.

Mounting

To mount a VSS volume you can either:

  • mount it directly from a device file;
  • mount it directly our of a RAW storage media image at a certain offset.

To mount directly from a device file:

vshadowmount /dev/sda2 /mnt/fuse

To mount directly our of a RAW storage media image at a certain offset:

vshadowmount -o 524288 image.raw /mnt/fuse

Note that vshadowmount takes an offset in bytes if you're copying the output from mmls multiply by the sector size:

vshadowmount -o $(( 1024 * 512 )) image.raw /mnt/fuse

This will expose a device file that provides the RAW volume data contained in the VSS volume.

/mnt/fuse/vshadow1

If you get the error:

No sub system to mount VSHADOW.

That means fuse was not detected when building the vshadowtools, check if you have fuse-dev installed and if ./configure is able to detect it. The last part of the ./configure output shows you this in an overview.

If your operating system supports loop devices, such as Linux, mount can be used to mount the device file as a loop device:

mount -o loop,ro /mnt/fuse/vshadow1 /mnt/file_system

On Mac OS hdiutil can be used to mount the device file:

hdiutil attach -imagekey diskimage-class=CRawDiskImage -nomount /mnt/fuse/vshadow1

Obtaining the volume offset

There are several ways to obtain the volume offset.

Linux fdisk

On Linux you can run fdisk with the list option (-l):

sudo fdisk -l /dev/sda

Or directly on a partitioned RAW storage media image file:

fdisk -l image.raw

Why is /mnt/fuse not accessible as root

By default fuse prevents root access to the mount point when a VSS volume is mounted. To enable this functionality first check the fuse documentation.

Make sure the fuse configuration file:

/etc/fuse.conf

Contains:

user_allow_other

Pass "allow_root" to the fuse sub system using the vshadowmount -X option:

vshadowmount -X allow_root image.raw /mnt/fuse

Windows

To mount a VSS volume on Windows:

vshadowmount -o 524288 image.raw x:

At the moment the vshadowmount keeps a hold on the console.

This will expose a device file that provides the RAW volume data contained in the VSS volume.

X:\VSHADOW1

Unmounting

You can unmount /mnt/fuse using umount:

umount /mnt/fuse

Or fusermount:

fusermount -u /mnt/fuse

Windows

At the moment terminate the process running in the console.

Troubleshooting

First of all make sure to check the output of configure. If you're seeing something like the following output configure was unable to detect an usable fuse.

Building:
   ...
   FUSE support:                                    no

On Mac OS X:

  • make sure that you only have OSXFuse installed and not another variant, like MacFuse, besides it.
  • try adding the C pre processor flags that set the fuse API version, e.g.
CPPFLAGS=-DFUSE_USE_VERSION=26 ./configure
  • if all else fails; file a support issue and attach config.log

On Ubuntu:

fusermount – failed to open /etc/fuse.conf – Permission denied

Make sure you're part of the group fuse:

sudo addgroup <username> fuse

If fusermount keeps complaining it cannot open fuse.conf:

sudo chmod o+r /etc/fuse.conf