readonly

Dear Lazyweb,

What's a way to re-mount a USB APFS read-only on macOS 10.14 or 15? I've resorted to this indignity, and it only works like 3/4ths of the time:

dev=`mount | grep "$dir" | sed 's/ .*//'`

# Doesn't work with APFS:
( mount -ur -o nodev,nosuid "$dir" 2>&- >&- ) || (

 (            diskutil unmount "$dev" 2>&- >&-  ) ||
 ( sleep 10 ; diskutil unmount "$dev" 2>&- >&-  ) ||
 ( sleep 30 ; diskutil unmount "$dev" 2>&- >&-  ) ||
 ( sleep 30 ; diskutil unmount "$dev" 2>&- >&-  ) ||
 ( sleep 30 ; diskutil unmount "$dev" 2>&- >&-  ) ||
 echo "FAILED TO UNMOUNT $dev $dir"

 ( sleep 10 ; diskutil mount readOnly "$dev" 2>&- >&- ) ||
 ( sleep 30 ; diskutil mount readOnly "$dev" 2>&- >&- ) ||
 ( sleep 30 ; diskutil mount readOnly "$dev" 2>&- >&- ) ||
 ( sleep 30 ; diskutil mount readOnly "$dev" 2>&- >&- ) ||
 echo "FAILED TO REMOUNT $dev $dir"
)

It's the unmount step that fails most often ("busy"), though sometimes the mount step fails instead. Spotlight is turned off.

I have a backup drive that I rsync to periodically, and proper data hygiene demands that the drive be mounted writable only during the 5 minutes that I actually intend to be writing to it.

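One way to tighten the script in the post, as an added example that is not the author's code: match the mount point exactly, stop if the unmount never succeeds, and confirm from `mount` output that the volume really came back read-only. The helper names and the sample `mount` lines are constructed for illustration; `diskutil unmount` and `diskutil mount readOnly` are the calls used in the post.

```sh
#!/bin/sh
# Added example; helper names are hypothetical, not from the original post.

# Constructed sample of macOS `mount` output, used only for offline checks.
SAMPLE_MOUNT='/dev/disk1s1 on / (apfs, local, journaled)
/dev/disk2s1 on /Volumes/Backup (apfs, local, nodev, nosuid, read-only, journaled, noowners)
/dev/disk3s1 on /Volumes/Backup 2 (apfs, local, nodev, nosuid, journaled, noowners)'

# mount_info DIR: read `mount` output on stdin, print "device<TAB>flags" for
# the exact mount point DIR (a plain grep would also match "/Volumes/Backup 2").
mount_info() {
  awk -v mp="$1" '{
    key = " on " mp " ("
    i = index($0, key)
    if (i) { print substr($0, 1, i - 1) "\t" substr($0, i + length(key)); exit }
  }'
}

# is_readonly DIR: succeed only if DIR is mounted and carries the read-only flag.
is_readonly() {
  mount_info "$1" | awk -F'\t' '{
    n = split($2, f, /[,)] */)
    for (i = 1; i <= n; i++) if (f[i] == "read-only") ro = 1
  } END { exit !ro }'
}

# retry DELAY... -- COMMAND...: sleep DELAY, run COMMAND, stop at first success.
retry() {
  delays=""
  while [ $# -gt 0 ] && [ "$1" != "--" ]; do delays="$delays $1"; shift; done
  shift
  for d in $delays; do
    sleep "$d"
    "$@" && return 0
  done
  return 1
}

# remount_readonly DIR: fail closed; a volume that is still writable is an error.
remount_readonly() {
  dev=$(mount | mount_info "$1" | cut -f1)
  [ -n "$dev" ] || { echo "NOT MOUNTED: $1" >&2; return 2; }
  retry 0 10 30 30 30 -- diskutil unmount "$dev" >/dev/null 2>&1 ||
    { echo "FAILED TO UNMOUNT $dev $1" >&2; return 1; }
  retry 10 30 30 30 -- diskutil mount readOnly "$dev" >/dev/null 2>&1 ||
    { echo "FAILED TO REMOUNT $dev $1" >&2; return 1; }
  mount | is_readonly "$1" || { echo "STILL WRITABLE: $1" >&2; return 1; }
}
```

Calling `remount_readonly /Volumes/Backup` after the rsync returns non-zero whenever the drive is left unmounted or writable, so a wrapper or cron job can alert on it.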

13 Responses:

  1. pj says:

    Maybe consider logging `lsof` output on fail so you can see what's keeping it busy?

    • Alex says:

      No need to lsof. It's mds that blocks unmount on macOS. It's always f*ing mds. Even when I explicitly flag a drive to not get indexed, it's mds.

      To be fair, I don't know that this is the case for our fair host, but would bet money on it.

      Blocking remount, on the other hand, is a different problem.

    • jwz says:

      Did that, and lsof doesn't show any open files on the volume in question.

      I ran lsof after the first unmount failure, and before the second.

  2. Mark Crane says:

    This blog is a constant reminder that all technology is a flat rock on damp ground, and when you lift it up you will see something very unpleasant writhing around in the sunlight.

  3. Nicholas Riley says:

    My equivalent post-backup scripts use diskutil eject rather than diskutil unmount. Despite the fact that you have "ejected" a USB-connected disk you can still remount it without unplugging/replugging it. Perhaps this might work better?

    • k3ninho says:

      I'd prefer update-in-place of mount -ur / mount -uw, but mount_apfs isn't a nice POSIX-like or BSD-compatible citizen. The mount_apfs man page claims that it respects -ur or -o rdonly,update from mount (proper) but I can't get it to work.

      K3n.

  4. Liam says:

    I find using:
    diskutil unmount force device
    is successful.

    • jwz says:

      That's the same as pulling the power without unmounting, and it's a great way to get a corrupted file system (yes, even with SSDs and thumb drives.)

  5. Zygo says:

    I'm kind of boggled at the combination of "backups on removable storage locally attached to the origin host" and "data hygiene."

    If the host goes bad (failing RAM or PSU, ransomware, etc), it trashes both the original filesystem and the backup at the same time. That happens during those five minutes when the backup is active, so mount flags don't really do much. To prevent contamination, original and backup media should never be attached to the same physical host. The backup media host should be very strict about what it allows the origin media host to write on its disk.

    Do you at least have multiple offsite removable media, and rotate them, or do you just roll the dice on losing all the backups every time?
