5 guestfish - the libguestfs Filesystem Interactive SHell
9 guestfish [--options] [commands]
15 guestfish -a disk.img -m dev[:mountpoint]
17 guestfish -i libvirt-domain
19 guestfish -i disk.img [disk.img ...]
23 Using guestfish in read/write mode on live virtual machines can be
24 dangerous, potentially causing disk corruption. Use the I<--ro>
25 (read-only) option to use guestfish safely if the disk image or
26 virtual machine might be live.
30 =head2 As an interactive shell
34 Welcome to guestfish, the libguestfs filesystem interactive shell for
35 editing virtual machine filesystems.
37 Type: 'help' for a list of commands
38 'man' to read the manual
39 'quit' to quit the shell
43 =head2 From shell scripts
45 Create a new C</etc/motd> file in a guest:
50 mount /dev/vg_guest/lv_root /
51 write /etc/motd "Welcome, new users"
54 List the LVM logical volumes in a guest:
56 guestfish -a disk.img --ro <<_EOF_
61 =head2 On one command line
63 Update C</etc/resolv.conf> in a guest:
66 add disk.img : run : mount /dev/vg_guest/lv_root / : \
67 write /etc/resolv.conf "nameserver 1.2.3.4"
69 Edit C</boot/grub/grub.conf> interactively:
71 guestfish --add disk.img \
72 --mount /dev/vg_guest/lv_root \
73 --mount /dev/sda1:/boot \
74 edit /boot/grub/grub.conf
76 =head2 Using virt-inspector
78 Use the I<-i> option to get virt-inspector to mount
79 the filesystems automatically as they would be mounted
80 in the virtual machine:
82 guestfish --ro -i disk.img cat /etc/group
84 =head2 As a script interpreter
86 Create a 100MB disk containing an ext2-formatted partition:
88 #!/usr/bin/guestfish -f
91 part-disk /dev/sda mbr
94 =head2 Start with a prepared disk
96 An alternate way to create a 100MB disk called C<test1.img> containing
97 a single ext2-formatted partition:
101 To list what is available do:
103 guestfish -N list | less
105 =head2 Remote control
107 eval `guestfish --listen --ro`
108 guestfish --remote add disk.img
109 guestfish --remote run
110 guestfish --remote lvs
114 Guestfish is a shell and command-line tool for examining and modifying
115 virtual machine filesystems. It uses libguestfs and exposes all of
116 the functionality of the guestfs API, see L<guestfs(3)>.
118 Guestfish gives you structured access to the libguestfs API, from
119 shell scripts or the command line or interactively. If you want to
120 rescue a broken virtual machine image, you should look at the
121 L<virt-rescue(1)> command.
129 Displays general help on options.
131 =item B<-h> | B<--cmd-help>
133 Lists all available guestfish commands.
135 =item B<-h cmd> | B<--cmd-help cmd>
137 Displays detailed help on a single command C<cmd>.
139 =item B<-a image> | B<--add image>
141 Add a block device or virtual machine image to the shell.
143 =item B<-D> | B<--no-dest-paths>
145 Don't tab-complete paths on the guest filesystem. It is useful to be
146 able to hit the tab key to complete paths on the guest filesystem, but
147 this causes extra "hidden" guestfs calls to be made, so this option is
148 here to allow this feature to be disabled.
150 =item B<-f file> | B<--file file>
152 Read commands from C<file>. To write pure guestfish
155 #!/usr/bin/guestfish -f
157 =item B<-i> | B<--inspector>
159 Run virt-inspector on the named libvirt domain or list of disk
160 images. If virt-inspector is available and if it can identify
161 the domain or disk images, then partitions will be mounted
162 correctly at start-up.
164 Typical usage is either:
168 (for an inactive libvirt domain called I<myguest>), or:
170 guestfish --ro -i myguest
172 (for active domains, readonly), or specify the block device directly:
174 guestfish -i /dev/Guests/MyGuest
176 You cannot use I<-a>, I<-m>, I<-N>, I<--listen>, I<--remote> or
177 I<--selinux> in conjunction with this option, and options other than
178 I<--ro> might not behave correctly.
180 See also: L<virt-inspector(1)>.
182 =item B<--keys-from-stdin>
184 Read key or passphrase parameters from stdin. The default is
185 to try to read passphrases from the user by opening C</dev/tty>.
189 Fork into the background and listen for remote commands. See section
190 L</REMOTE CONTROL GUESTFISH OVER A SOCKET> below.
192 =item B<-m dev[:mountpoint]> | B<--mount dev[:mountpoint]>
194 Mount the named partition or logical volume on the given mountpoint.
196 If the mountpoint is omitted, it defaults to C</>.
198 You have to mount something on C</> before most commands will work.
200 If any I<-m> or I<--mount> options are given, the guest is
201 automatically launched.
203 If you don't know what filesystems a disk image contains, you
204 can either run guestfish without this option, then list the partitions
205 and LVs available (see L</list-partitions> and L</lvs> commands),
206 or you can use the L<virt-list-filesystems(1)> program.
208 =item B<-n> | B<--no-sync>
210 Disable autosync. This is enabled by default. See the discussion
211 of autosync in the L<guestfs(3)> manpage.
213 =item B<-N type> | B<--new type> | B<-N list>
215 Prepare a fresh disk image formatted as "type". This is an
216 alternative to the I<-a> option: whereas I<-a> adds an existing disk,
217 I<-N> creates a preformatted disk with a filesystem and adds it.
218 See L</PREPARED DISK IMAGES> below.
220 =item B<--remote[=pid]>
222 Send remote commands to C<$GUESTFISH_PID> or C<pid>. See section
223 L</REMOTE CONTROL GUESTFISH OVER A SOCKET> below.
225 =item B<-r> | B<--ro>
227 This changes the I<-a> and I<-m> options so that disks are added and
228 mounts are done read-only (see L<guestfs(3)/guestfs_mount_ro>).
230 The option must always be used if the disk image or virtual machine
231 might be running, and is generally recommended in cases where you
232 don't need write access to the disk.
234 Note that prepared disk images created with I<-N> are not affected by
239 Enable SELinux support for the guest. See L<guestfs(3)/SELINUX>.
241 =item B<-v> | B<--verbose>
243 Enable very verbose messages. This is particularly useful if you find
246 =item B<-V> | B<--version>
248 Display the guestfish / libguestfs version number and exit.
252 Echo each command before executing it.
256 =head1 COMMANDS ON COMMAND LINE
258 Any additional (non-option) arguments are treated as commands to
261 Commands to execute should be separated by a colon (C<:>), where the
262 colon is a separate parameter. Thus:
264 guestfish cmd [args...] : cmd [args...] : cmd [args...] ...
266 If there are no additional arguments, then we enter a shell, either an
267 interactive shell with a prompt (if the input is a terminal) or a
268 non-interactive shell.
270 In either command line mode or non-interactive shell, the first
271 command that gives an error causes the whole shell to exit. In
272 interactive mode (with a prompt) if a command fails, you can continue
275 =head1 USING launch (OR run)
277 As with L<guestfs(3)>, you must first configure your guest by adding
278 disks, then launch it, then mount any disks you need, and finally
279 issue actions/commands. So the general order of the day is:
301 C<run> is a synonym for C<launch>. You must C<launch> (or C<run>)
302 your guest before mounting or performing any other commands.
304 The only exception is that if the I<-m> or I<--mount> option was
305 given, the guest is automatically run for you (simply because
306 guestfish can't mount the disks you asked for without doing this).
310 You can quote ordinary parameters using either single or double
313 add "file with a space.img"
319 A few commands require a list of strings to be passed. For these, use
320 a whitespace-separated list, enclosed in quotes. Strings containing whitespace
321 to be passed through must be enclosed in single quotes. A literal single quote
322 must be escaped with a backslash.
324 vgcreate VG "/dev/sda1 /dev/sdb1"
325 command "/bin/echo 'foo bar'"
326 command "/bin/echo \'foo\'"
330 This section applies to all commands which can take integers
335 When the command takes a parameter measured in bytes, you can use one
336 of the following suffixes to specify kilobytes, megabytes and larger
341 =item B<k> or B<K> or B<KiB>
343 The size in kilobytes (multiplied by 1024).
347 The size in SI 1000 byte units.
351 The size in megabytes (multiplied by 1048576).
355 The size in SI 1000000 byte units.
359 The size in gigabytes (multiplied by 2**30).
363 The size in SI 10**9 byte units.
367 The size in terabytes (multiplied by 2**40).
371 The size in SI 10**12 byte units.
375 The size in petabytes (multiplied by 2**50).
379 The size in SI 10**15 byte units.
383 The size in exabytes (multiplied by 2**60).
387 The size in SI 10**18 byte units.
391 The size in zettabytes (multiplied by 2**70).
395 The size in SI 10**21 byte units.
399 The size in yottabytes (multiplied by 2**80).
403 The size in SI 10**24 byte units.
409 truncate-size /file 1G
411 would truncate the file to 1 gigabyte.
413 Be careful because a few commands take sizes in kilobytes or megabytes
414 (eg. the parameter to L</memsize> is specified in megabytes already).
415 Adding a suffix will probably not do what you expect.
417 =head2 OCTAL AND HEXADECIMAL NUMBERS
419 For specifying the radix (base) use the C convention: C<0> to prefix
420 an octal number or C<0x> to prefix a hexadecimal number. For example:
422 1234 decimal number 1234
423 02322 octal number, equivalent to decimal 1234
424 0x4d2 hexadecimal number, equivalent to decimal 1234
426 When using the C<chmod> command, you almost always want to specify an
427 octal number for the mode, and you must prefix it with C<0> (unlike
428 the Unix L<chmod(1)> program):
430 chmod 0777 /public # OK
431 chmod 777 /public # WRONG! This is mode 777 decimal = 01411 octal.
433 Commands that return numbers usually print them in decimal, but
434 some commands print numbers in other radices (eg. C<umask> prints
435 the mode in octal, preceeded by C<0>).
437 =head1 WILDCARDS AND GLOBBING
439 Neither guestfish nor the underlying guestfs API performs
440 wildcard expansion (globbing) by default. So for example the
441 following will not do what you expect:
445 Assuming you don't have a directory literally called C</home/*>
446 then the above command will return an error.
448 To perform wildcard expansion, use the C<glob> command.
452 runs C<rm-rf> on each path that matches (ie. potentially running
453 the command many times), equivalent to:
459 C<glob> only works on simple guest paths and not on device names.
461 If you have several parameters, each containing a wildcard, then glob
462 will perform a cartesian product.
466 Any line which starts with a I<#> character is treated as a comment
467 and ignored. The I<#> can optionally be preceeded by whitespace,
468 but B<not> by a command. For example:
474 Blank lines are also ignored.
476 =head1 RUNNING COMMANDS LOCALLY
478 Any line which starts with a I<!> character is treated as a command
479 sent to the local shell (C</bin/sh> or whatever L<system(3)> uses).
483 tgz-out /remote local/remote-data.tar.gz
485 will create a directory C<local> on the host, and then export
486 the contents of C</remote> on the mounted filesystem to
487 C<local/remote-data.tar.gz>. (See C<tgz-out>).
489 To change the local directory, use the C<lcd> command. C<!cd> will
490 have no effect, due to the way that subprocesses work in Unix.
494 Use C<command E<lt>spaceE<gt> | command> to pipe the output of the
495 first command (a guestfish command) to the second command (any host
496 command). For example:
498 cat /etc/passwd | awk -F: '$3 == 0 { print }'
500 (where C<cat> is the guestfish cat command, but C<awk> is the host awk
501 program). The above command would list all accounts in the guest
502 filesystem which have UID 0, ie. root accounts including backdoors.
505 hexdump /bin/ls | head
506 list-devices | tail -1
507 tgz-out / - | tar ztf -
509 The space before the pipe symbol is required, any space after the pipe
510 symbol is optional. Everything after the pipe symbol is just passed
511 straight to the host shell, so it can contain redirections, globs and
512 anything else that makes sense on the host side.
514 To use a literal argument which begins with a pipe symbol, you have
519 =head1 HOME DIRECTORIES
521 If a parameter starts with the character C<~> then the tilde may be
522 expanded as a home directory path (either C<~> for the current user's
523 home directory, or C<~user> for another user).
525 Note that home directory expansion happens for users known I<on the
526 host>, not in the guest filesystem.
528 To use a literal argument which begins with a tilde, you have to quote
533 =head1 ENCRYPTED DISKS
535 Libguestfs has some support for Linux guests encrypted according to
536 the Linux Unified Key Setup (LUKS) standard, which includes nearly all
537 whole disk encryption systems used by modern Linux guests. Currently
538 only LVM-on-LUKS is supported.
540 Identify encrypted block devices and partitions using L</vfs-type>:
542 ><fs> vfs-type /dev/sda2
545 Then open those devices using L</luks-open>. This creates a
546 device-mapper device called C</dev/mapper/luksdev>.
548 ><fs> luks-open /dev/sda2 luksdev
549 Enter key or passphrase ("key"): <enter the passphrase>
551 Finally you have to tell LVM to scan for volume groups on
552 the newly created mapper device:
555 ><fs> vg-activate-all true
557 The logical volume(s) can now be mounted in the usual way.
559 Before closing a LUKS device you must unmount any logical volumes on
560 it and deactivate the volume groups by calling C<vg-activate false VG>
561 on each one. Then you can close the mapper device:
563 ><fs> vg-activate false /dev/VG
564 ><fs> luks-close /dev/mapper/luksdev
568 If a path is prefixed with C<win:> then you can use Windows-style
569 paths (with some limitations). The following commands are equivalent:
571 file /WINDOWS/system32/config/system.LOG
573 file win:/windows/system32/config/system.log
575 file win:\windows\system32\config\system.log
577 file WIN:C:\Windows\SYSTEM32\conFIG\SYSTEM.LOG
579 This syntax implicitly calls C<case-sensitive-path> (q.v.) so it also
580 handles case insensitivity like Windows would. This only works in
581 argument positions that expect a path.
583 =head1 UPLOADING AND DOWNLOADING FILES
585 For commands such as C<upload>, C<download>, C<tar-in>, C<tar-out> and
586 others which upload from or download to a local file, you can use the
587 special filename C<-> to mean "from stdin" or "to stdout". For example:
591 reads stdin and creates from that a file C</foo> in the disk image,
594 tar-out /etc - | tar tf -
596 writes the tarball to stdout and then pipes that into the external
597 "tar" command (see L</PIPES>).
599 When using C<-> to read from stdin, the input is read up to the end of
600 stdin. You can also use a special "heredoc"-like syntax to read up to
601 some arbitrary end marker:
609 Any string of characters can be used instead of C<END>. The end
610 marker must appear on a line of its own, without any preceeding or
611 following characters (not even spaces).
613 Note that the C<-E<lt>E<lt>> syntax only applies to parameters used to
614 upload local files (so-called "FileIn" parameters in the generator).
616 =head1 EXIT ON ERROR BEHAVIOUR
618 By default, guestfish will ignore any errors when in interactive mode
619 (ie. taking commands from a human over a tty), and will exit on the
620 first error in non-interactive mode (scripts, commands given on the
623 If you prefix a command with a I<-> character, then that command will
624 not cause guestfish to exit, even if that (one) command returns an
627 =head1 REMOTE CONTROL GUESTFISH OVER A SOCKET
629 Guestfish can be remote-controlled over a socket. This is useful
630 particularly in shell scripts where you want to make several different
631 changes to a filesystem, but you don't want the overhead of starting
632 up a guestfish process each time.
634 Start a guestfish server process using:
636 eval `guestfish --listen`
638 and then send it commands by doing:
640 guestfish --remote cmd [...]
642 To cause the server to exit, send it the exit command:
644 guestfish --remote exit
646 Note that the server will normally exit if there is an error in a
647 command. You can change this in the usual way. See section
648 L</EXIT ON ERROR BEHAVIOUR>.
650 =head2 CONTROLLING MULTIPLE GUESTFISH PROCESSES
652 The C<eval> statement sets the environment variable C<$GUESTFISH_PID>,
653 which is how the I<--remote> option knows where to send the commands.
654 You can have several guestfish listener processes running using:
656 eval `guestfish --listen`
658 eval `guestfish --listen`
661 guestfish --remote=$pid1 cmd
662 guestfish --remote=$pid2 cmd
664 =head2 REMOTE CONTROL DETAILS
666 Remote control happens over a Unix domain socket called
667 C</tmp/.guestfish-$UID/socket-$PID>, where C<$UID> is the effective
668 user ID of the process, and C<$PID> is the process ID of the server.
670 Guestfish client and server versions must match exactly.
672 =head1 PREPARED DISK IMAGES
674 Use the I<-N type> or I<--new type> parameter to select one of a set
675 of preformatted disk images that guestfish can make for you to save
676 typing. This is particularly useful for testing purposes. This
677 option is used instead of the I<-a> option, and like I<-a> can appear
678 multiple times (and can be mixed with I<-a>).
680 The new disk is called C<test1.img> for the first I<-N>, C<test2.img>
681 for the second and so on. Existing files in the current directory are
684 The type briefly describes how the disk should be sized, partitioned,
685 how filesystem(s) should be created, and how content should be added.
686 Optionally the type can be followed by extra parameters, separated by
687 C<:> (colon) characters. For example, I<-N fs> creates a default
688 100MB, sparsely-allocated disk, containing a single partition, with
689 the partition formatted as ext2. I<-N fs:ext4:1G> is the same, but
690 for an ext4 filesystem on a 1GB disk instead.
692 To list the available types and any extra parameters they take, run:
694 guestfish -N list | less
696 Note that the prepared filesystem is not mounted. You would usually
697 have to use the C<mount /dev/sda1 /> command or add the
698 I<-m /dev/sda1> option.
700 If any I<-N> or I<--new> options are given, the guest is automatically
705 Create a 100MB disk with an ext4-formatted partition:
709 Create a 32MB disk with a VFAT-formatted partition, and mount it:
711 guestfish -N fs:vfat:32M -m /dev/sda1
713 Create a blank 200MB disk:
715 guestfish -N disk:200M
717 =head1 GUESTFISH COMMANDS
719 The commands in this section are guestfish convenience commands, in
720 other words, they are not part of the L<guestfs(3)> API.
722 =head2 alloc | allocate
726 This creates an empty (zeroed) file of the given size, and then adds
727 so it can be further examined.
729 For more advanced image creation, see L<qemu-img(1)> utility.
731 Size can be specified using standard suffixes, eg. C<1M>.
737 This echos the parameters to the terminal.
739 =head2 edit | vi | emacs
743 This is used to edit a file. It downloads the file, edits it
744 locally using your editor, then uploads the result.
746 The editor is C<$EDITOR>. However if you use the alternate
747 commands C<vi> or C<emacs> you will get those corresponding
750 NOTE: This will not work reliably for large files
751 (> 2 MB) or binary files containing \0 bytes.
757 Expand wildcards in any paths in the args list, and run C<command>
758 repeatedly on each matching path.
760 See section WILDCARDS AND GLOBBING.
767 Without any parameter, this lists all commands. With a C<cmd>
768 parameter, this displays detailed help for a command.
774 Change the local directory, ie. the current directory of guestfish
777 Note that C<!cd> won't do what you might expect.
783 Opens the manual page for guestfish.
791 This is used to view a file.
793 The default viewer is C<$PAGER>. However if you use the alternate
794 command C<less> you will get the C<less> command specifically.
796 NOTE: This will not work reliably for large files
797 (> 2 MB) or binary files containing \0 bytes.
801 This exits guestfish. You can also use C<^D> key.
807 Close and reopen the libguestfs handle. It is not necessary to use
808 this normally, because the handle is closed properly when guestfish
809 exits. However this is occasionally useful for testing.
815 This creates an empty sparse file of the given size, and then adds
816 so it can be further examined.
818 In all respects it works the same as the C<alloc> command, except that
819 the image file is allocated sparsely, which means that disk blocks are
820 not assigned to the file until they are needed. Sparse disk files
821 only use space when written to, but they are slower and there is a
822 danger you could run out of real disk space during a write operation.
824 For more advanced image creation, see L<qemu-img(1)> utility.
826 Size can be specified using standard suffixes, eg. C<1M>.
832 This command returns a list of the optional groups
833 known to the daemon, and indicates which ones are
834 supported by this build of the libguestfs appliance.
836 See also L<guestfs(3)/AVAILABILITY>.
842 Run the command as usual, but print the elapsed time afterwards. This
843 can be useful for benchmarking operations.
851 guestfish returns 0 if the commands completed without error, or
852 1 if there was an error.
854 =head1 ENVIRONMENT VARIABLES
860 The C<edit> command uses C<$EDITOR> as the editor. If not
865 Used with the I<--remote> option to specify the remote guestfish
866 process to control. See section
867 L</REMOTE CONTROL GUESTFISH OVER A SOCKET>.
871 If compiled with GNU readline support, various files in the
872 home directory can be used. See L</FILES>.
874 =item LIBGUESTFS_APPEND
876 Pass additional options to the guest kernel.
878 =item LIBGUESTFS_DEBUG
880 Set C<LIBGUESTFS_DEBUG=1> to enable verbose messages. This has the
881 same effect as using the B<-v> option.
883 =item LIBGUESTFS_MEMSIZE
885 Set the memory allocated to the qemu process, in megabytes. For
888 LIBGUESTFS_MEMSIZE=700
890 =item LIBGUESTFS_PATH
892 Set the path that guestfish uses to search for kernel and initrd.img.
893 See the discussion of paths in L<guestfs(3)>.
895 =item LIBGUESTFS_QEMU
897 Set the default qemu binary that libguestfs uses. If not set, then
898 the qemu which was found at compile time by the configure script is
901 =item LIBGUESTFS_TRACE
903 Set C<LIBGUESTFS_TRACE=1> to enable command traces.
907 The C<more> command uses C<$PAGER> as the pager. If not
908 set, it uses C<more>.
912 Location of temporary directory, defaults to C</tmp>.
914 If libguestfs was compiled to use the supermin appliance then each
915 handle will require rather a large amount of space in this directory
916 for short periods of time (~ 80 MB). You can use C<$TMPDIR> to
917 configure another directory to use in case C</tmp> is not large
926 =item $HOME/.guestfish
928 If compiled with GNU readline support, then the command history
929 is saved in this file.
935 If compiled with GNU readline support, then these files can be used to
936 configure readline. For further information, please see
937 L<readline(3)/INITIALIZATION FILE>.
939 To write rules which only apply to guestfish, use:
945 Variables that you can set in inputrc that change the behaviour
946 of guestfish in useful ways include:
950 =item completion-ignore-case (default: on)
952 By default, guestfish will ignore case when tab-completing
953 paths on the disk. Use:
955 set completion-ignore-case off
957 to make guestfish case sensitive.
963 =item test2.img (etc)
965 When using the C<-N> or C<--new> option, the prepared disk or
966 filesystem will be created in the file C<test1.img> in the current
967 directory. The second use of C<-N> will use C<test2.img> and so on.
968 Any existing file with the same name will be overwritten.
975 L<http://libguestfs.org/>,
979 L<virt-list-filesystems(1)>,
980 L<virt-list-partitions(1)>,
990 Richard W.M. Jones (C<rjones at redhat dot com>)
994 Copyright (C) 2009-2010 Red Hat Inc.
995 L<http://libguestfs.org/>
997 This program is free software; you can redistribute it and/or modify
998 it under the terms of the GNU General Public License as published by
999 the Free Software Foundation; either version 2 of the License, or
1000 (at your option) any later version.
1002 This program is distributed in the hope that it will be useful,
1003 but WITHOUT ANY WARRANTY; without even the implied warranty of
1004 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1005 GNU General Public License for more details.
1007 You should have received a copy of the GNU General Public License
1008 along with this program; if not, write to the Free Software
1009 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.