5 guestfish - the libguestfs Filesystem Interactive SHell
9 guestfish [--options] [commands]
15 guestfish -a disk.img -m dev[:mountpoint]
17 guestfish -d libvirt-domain
19 guestfish -i libvirt-domain
21 guestfish -i disk.img [disk.img ...]
25 Using guestfish in read/write mode on live virtual machines can be
26 dangerous, potentially causing disk corruption. Use the I<--ro>
27 (read-only) option to use guestfish safely if the disk image or
28 virtual machine might be live.
32 =head2 As an interactive shell
36 Welcome to guestfish, the libguestfs filesystem interactive shell for
37 editing virtual machine filesystems.
39 Type: 'help' for a list of commands
40 'man' to read the manual
41 'quit' to quit the shell
45 =head2 From shell scripts
47 Create a new C</etc/motd> file in a guest:
52 mount /dev/vg_guest/lv_root /
53 write /etc/motd "Welcome, new users"
56 List the LVM logical volumes in a guest:
58 guestfish -a disk.img --ro <<_EOF_
63 =head2 On one command line
65 Update C</etc/resolv.conf> in a guest:
68 add disk.img : run : mount /dev/vg_guest/lv_root / : \
69 write /etc/resolv.conf "nameserver 1.2.3.4"
71 Edit C</boot/grub/grub.conf> interactively:
73 guestfish --add disk.img \
74 --mount /dev/vg_guest/lv_root \
75 --mount /dev/sda1:/boot \
76 edit /boot/grub/grub.conf
78 =head2 Using virt-inspector
80 Use the I<-i> option to get virt-inspector to mount
81 the filesystems automatically as they would be mounted
82 in the virtual machine:
84 guestfish --ro -i disk.img cat /etc/group
86 =head2 As a script interpreter
88 Create a 100MB disk containing an ext2-formatted partition:
90 #!/usr/bin/guestfish -f
93 part-disk /dev/sda mbr
96 =head2 Start with a prepared disk
98 An alternate way to create a 100MB disk called C<test1.img> containing
99 a single ext2-formatted partition:
103 To list what is available do:
105 guestfish -N list | less
107 =head2 Remote control
109 eval `guestfish --listen --ro`
110 guestfish --remote add disk.img
111 guestfish --remote run
112 guestfish --remote lvs
116 Guestfish is a shell and command-line tool for examining and modifying
117 virtual machine filesystems. It uses libguestfs and exposes all of
118 the functionality of the guestfs API, see L<guestfs(3)>.
120 Guestfish gives you structured access to the libguestfs API, from
121 shell scripts or the command line or interactively. If you want to
122 rescue a broken virtual machine image, you should look at the
123 L<virt-rescue(1)> command.
131 Displays general help on options.
133 =item B<-h> | B<--cmd-help>
135 Lists all available guestfish commands.
137 =item B<-h cmd> | B<--cmd-help cmd>
139 Displays detailed help on a single command C<cmd>.
141 =item B<-a image> | B<--add image>
143 Add a block device or virtual machine image to the shell.
145 =item B<-c URI> | B<--connect URI>
147 When used in conjunction with the I<-d> option, this specifies
148 the libvirt URI to use. The default is to use the default libvirt
151 =item B<-d libvirt-domain> | B<--domain libvirt-domain>
153 Add disks from the named libvirt domain. If the I<--ro> option is
154 also used, then any libvirt domain can be used. However in write
155 mode, only libvirt domains which are shut down can be named here.
157 =item B<-D> | B<--no-dest-paths>
159 Don't tab-complete paths on the guest filesystem. It is useful to be
160 able to hit the tab key to complete paths on the guest filesystem, but
161 this causes extra "hidden" guestfs calls to be made, so this option is
162 here to allow this feature to be disabled.
164 =item B<-f file> | B<--file file>
166 Read commands from C<file>. To write pure guestfish
169 #!/usr/bin/guestfish -f
171 =item B<-i> | B<--inspector>
173 Run virt-inspector on the named libvirt domain or list of disk
174 images. If virt-inspector is available and if it can identify
175 the domain or disk images, then partitions will be mounted
176 correctly at start-up.
178 Typical usage is either:
182 (for an inactive libvirt domain called I<myguest>), or:
184 guestfish --ro -i myguest
186 (for active domains, readonly), or specify the block device directly:
188 guestfish -i /dev/Guests/MyGuest
190 You cannot use I<-a>, I<-m>, I<-N>, I<--listen>, I<--remote> or
191 I<--selinux> in conjunction with this option, and options other than
192 I<--ro> might not behave correctly.
194 See also: L<virt-inspector(1)>.
196 =item B<--keys-from-stdin>
198 Read key or passphrase parameters from stdin. The default is
199 to try to read passphrases from the user by opening C</dev/tty>.
203 Fork into the background and listen for remote commands. See section
204 L</REMOTE CONTROL GUESTFISH OVER A SOCKET> below.
206 =item B<-m dev[:mountpoint]> | B<--mount dev[:mountpoint]>
208 Mount the named partition or logical volume on the given mountpoint.
210 If the mountpoint is omitted, it defaults to C</>.
212 You have to mount something on C</> before most commands will work.
214 If any I<-m> or I<--mount> options are given, the guest is
215 automatically launched.
217 If you don't know what filesystems a disk image contains, you
218 can either run guestfish without this option, then list the partitions
219 and LVs available (see L</list-partitions> and L</lvs> commands),
220 or you can use the L<virt-list-filesystems(1)> program.
222 =item B<-n> | B<--no-sync>
224 Disable autosync. This is enabled by default. See the discussion
225 of autosync in the L<guestfs(3)> manpage.
227 =item B<-N type> | B<--new type> | B<-N list>
229 Prepare a fresh disk image formatted as "type". This is an
230 alternative to the I<-a> option: whereas I<-a> adds an existing disk,
231 I<-N> creates a preformatted disk with a filesystem and adds it.
232 See L</PREPARED DISK IMAGES> below.
234 =item B<--remote[=pid]>
236 Send remote commands to C<$GUESTFISH_PID> or C<pid>. See section
237 L</REMOTE CONTROL GUESTFISH OVER A SOCKET> below.
239 =item B<-r> | B<--ro>
241 This changes the I<-a> and I<-m> options so that disks are added and
242 mounts are done read-only (see L<guestfs(3)/guestfs_mount_ro>).
244 The option must always be used if the disk image or virtual machine
245 might be running, and is generally recommended in cases where you
246 don't need write access to the disk.
248 Note that prepared disk images created with I<-N> are not affected by
253 Enable SELinux support for the guest. See L<guestfs(3)/SELINUX>.
255 =item B<-v> | B<--verbose>
257 Enable very verbose messages. This is particularly useful if you find
260 =item B<-V> | B<--version>
262 Display the guestfish / libguestfs version number and exit.
266 Echo each command before executing it.
270 =head1 COMMANDS ON COMMAND LINE
272 Any additional (non-option) arguments are treated as commands to
275 Commands to execute should be separated by a colon (C<:>), where the
276 colon is a separate parameter. Thus:
278 guestfish cmd [args...] : cmd [args...] : cmd [args...] ...
280 If there are no additional arguments, then we enter a shell, either an
281 interactive shell with a prompt (if the input is a terminal) or a
282 non-interactive shell.
284 In either command line mode or non-interactive shell, the first
285 command that gives an error causes the whole shell to exit. In
286 interactive mode (with a prompt) if a command fails, you can continue
289 =head1 USING launch (OR run)
291 As with L<guestfs(3)>, you must first configure your guest by adding
292 disks, then launch it, then mount any disks you need, and finally
293 issue actions/commands. So the general order of the day is:
315 C<run> is a synonym for C<launch>. You must C<launch> (or C<run>)
316 your guest before mounting or performing any other commands.
318 The only exception is that if the I<-m> or I<--mount> option was
319 given, the guest is automatically run for you (simply because
320 guestfish can't mount the disks you asked for without doing this).
324 You can quote ordinary parameters using either single or double
327 add "file with a space.img"
333 A few commands require a list of strings to be passed. For these, use
334 a whitespace-separated list, enclosed in quotes. Strings containing whitespace
335 to be passed through must be enclosed in single quotes. A literal single quote
336 must be escaped with a backslash.
338 vgcreate VG "/dev/sda1 /dev/sdb1"
339 command "/bin/echo 'foo bar'"
340 command "/bin/echo \'foo\'"
344 This section applies to all commands which can take integers
349 When the command takes a parameter measured in bytes, you can use one
350 of the following suffixes to specify kilobytes, megabytes and larger
355 =item B<k> or B<K> or B<KiB>
357 The size in kilobytes (multiplied by 1024).
361 The size in SI 1000 byte units.
365 The size in megabytes (multiplied by 1048576).
369 The size in SI 1000000 byte units.
373 The size in gigabytes (multiplied by 2**30).
377 The size in SI 10**9 byte units.
381 The size in terabytes (multiplied by 2**40).
385 The size in SI 10**12 byte units.
389 The size in petabytes (multiplied by 2**50).
393 The size in SI 10**15 byte units.
397 The size in exabytes (multiplied by 2**60).
401 The size in SI 10**18 byte units.
405 The size in zettabytes (multiplied by 2**70).
409 The size in SI 10**21 byte units.
413 The size in yottabytes (multiplied by 2**80).
417 The size in SI 10**24 byte units.
423 truncate-size /file 1G
425 would truncate the file to 1 gigabyte.
427 Be careful because a few commands take sizes in kilobytes or megabytes
428 (eg. the parameter to L</memsize> is specified in megabytes already).
429 Adding a suffix will probably not do what you expect.
431 =head2 OCTAL AND HEXADECIMAL NUMBERS
433 For specifying the radix (base) use the C convention: C<0> to prefix
434 an octal number or C<0x> to prefix a hexadecimal number. For example:
436 1234 decimal number 1234
437 02322 octal number, equivalent to decimal 1234
438 0x4d2 hexadecimal number, equivalent to decimal 1234
440 When using the C<chmod> command, you almost always want to specify an
441 octal number for the mode, and you must prefix it with C<0> (unlike
442 the Unix L<chmod(1)> program):
444 chmod 0777 /public # OK
445 chmod 777 /public # WRONG! This is mode 777 decimal = 01411 octal.
447 Commands that return numbers usually print them in decimal, but
448 some commands print numbers in other radices (eg. C<umask> prints
449 the mode in octal, preceeded by C<0>).
451 =head1 WILDCARDS AND GLOBBING
453 Neither guestfish nor the underlying guestfs API performs
454 wildcard expansion (globbing) by default. So for example the
455 following will not do what you expect:
459 Assuming you don't have a directory literally called C</home/*>
460 then the above command will return an error.
462 To perform wildcard expansion, use the C<glob> command.
466 runs C<rm-rf> on each path that matches (ie. potentially running
467 the command many times), equivalent to:
473 C<glob> only works on simple guest paths and not on device names.
475 If you have several parameters, each containing a wildcard, then glob
476 will perform a cartesian product.
480 Any line which starts with a I<#> character is treated as a comment
481 and ignored. The I<#> can optionally be preceeded by whitespace,
482 but B<not> by a command. For example:
488 Blank lines are also ignored.
490 =head1 RUNNING COMMANDS LOCALLY
492 Any line which starts with a I<!> character is treated as a command
493 sent to the local shell (C</bin/sh> or whatever L<system(3)> uses).
497 tgz-out /remote local/remote-data.tar.gz
499 will create a directory C<local> on the host, and then export
500 the contents of C</remote> on the mounted filesystem to
501 C<local/remote-data.tar.gz>. (See C<tgz-out>).
503 To change the local directory, use the C<lcd> command. C<!cd> will
504 have no effect, due to the way that subprocesses work in Unix.
508 Use C<command E<lt>spaceE<gt> | command> to pipe the output of the
509 first command (a guestfish command) to the second command (any host
510 command). For example:
512 cat /etc/passwd | awk -F: '$3 == 0 { print }'
514 (where C<cat> is the guestfish cat command, but C<awk> is the host awk
515 program). The above command would list all accounts in the guest
516 filesystem which have UID 0, ie. root accounts including backdoors.
519 hexdump /bin/ls | head
520 list-devices | tail -1
521 tgz-out / - | tar ztf -
523 The space before the pipe symbol is required, any space after the pipe
524 symbol is optional. Everything after the pipe symbol is just passed
525 straight to the host shell, so it can contain redirections, globs and
526 anything else that makes sense on the host side.
528 To use a literal argument which begins with a pipe symbol, you have
533 =head1 HOME DIRECTORIES
535 If a parameter starts with the character C<~> then the tilde may be
536 expanded as a home directory path (either C<~> for the current user's
537 home directory, or C<~user> for another user).
539 Note that home directory expansion happens for users known I<on the
540 host>, not in the guest filesystem.
542 To use a literal argument which begins with a tilde, you have to quote
547 =head1 ENCRYPTED DISKS
549 Libguestfs has some support for Linux guests encrypted according to
550 the Linux Unified Key Setup (LUKS) standard, which includes nearly all
551 whole disk encryption systems used by modern Linux guests. Currently
552 only LVM-on-LUKS is supported.
554 Identify encrypted block devices and partitions using L</vfs-type>:
556 ><fs> vfs-type /dev/sda2
559 Then open those devices using L</luks-open>. This creates a
560 device-mapper device called C</dev/mapper/luksdev>.
562 ><fs> luks-open /dev/sda2 luksdev
563 Enter key or passphrase ("key"): <enter the passphrase>
565 Finally you have to tell LVM to scan for volume groups on
566 the newly created mapper device:
569 ><fs> vg-activate-all true
571 The logical volume(s) can now be mounted in the usual way.
573 Before closing a LUKS device you must unmount any logical volumes on
574 it and deactivate the volume groups by calling C<vg-activate false VG>
575 on each one. Then you can close the mapper device:
577 ><fs> vg-activate false /dev/VG
578 ><fs> luks-close /dev/mapper/luksdev
582 If a path is prefixed with C<win:> then you can use Windows-style
583 paths (with some limitations). The following commands are equivalent:
585 file /WINDOWS/system32/config/system.LOG
587 file win:/windows/system32/config/system.log
589 file win:\windows\system32\config\system.log
591 file WIN:C:\Windows\SYSTEM32\conFIG\SYSTEM.LOG
593 This syntax implicitly calls C<case-sensitive-path> (q.v.) so it also
594 handles case insensitivity like Windows would. This only works in
595 argument positions that expect a path.
597 =head1 UPLOADING AND DOWNLOADING FILES
599 For commands such as C<upload>, C<download>, C<tar-in>, C<tar-out> and
600 others which upload from or download to a local file, you can use the
601 special filename C<-> to mean "from stdin" or "to stdout". For example:
605 reads stdin and creates from that a file C</foo> in the disk image,
608 tar-out /etc - | tar tf -
610 writes the tarball to stdout and then pipes that into the external
611 "tar" command (see L</PIPES>).
613 When using C<-> to read from stdin, the input is read up to the end of
614 stdin. You can also use a special "heredoc"-like syntax to read up to
615 some arbitrary end marker:
623 Any string of characters can be used instead of C<END>. The end
624 marker must appear on a line of its own, without any preceeding or
625 following characters (not even spaces).
627 Note that the C<-E<lt>E<lt>> syntax only applies to parameters used to
628 upload local files (so-called "FileIn" parameters in the generator).
630 =head1 EXIT ON ERROR BEHAVIOUR
632 By default, guestfish will ignore any errors when in interactive mode
633 (ie. taking commands from a human over a tty), and will exit on the
634 first error in non-interactive mode (scripts, commands given on the
637 If you prefix a command with a I<-> character, then that command will
638 not cause guestfish to exit, even if that (one) command returns an
641 =head1 REMOTE CONTROL GUESTFISH OVER A SOCKET
643 Guestfish can be remote-controlled over a socket. This is useful
644 particularly in shell scripts where you want to make several different
645 changes to a filesystem, but you don't want the overhead of starting
646 up a guestfish process each time.
648 Start a guestfish server process using:
650 eval `guestfish --listen`
652 and then send it commands by doing:
654 guestfish --remote cmd [...]
656 To cause the server to exit, send it the exit command:
658 guestfish --remote exit
660 Note that the server will normally exit if there is an error in a
661 command. You can change this in the usual way. See section
662 L</EXIT ON ERROR BEHAVIOUR>.
664 =head2 CONTROLLING MULTIPLE GUESTFISH PROCESSES
666 The C<eval> statement sets the environment variable C<$GUESTFISH_PID>,
667 which is how the I<--remote> option knows where to send the commands.
668 You can have several guestfish listener processes running using:
670 eval `guestfish --listen`
672 eval `guestfish --listen`
675 guestfish --remote=$pid1 cmd
676 guestfish --remote=$pid2 cmd
678 =head2 REMOTE CONTROL DETAILS
680 Remote control happens over a Unix domain socket called
681 C</tmp/.guestfish-$UID/socket-$PID>, where C<$UID> is the effective
682 user ID of the process, and C<$PID> is the process ID of the server.
684 Guestfish client and server versions must match exactly.
686 =head1 PREPARED DISK IMAGES
688 Use the I<-N type> or I<--new type> parameter to select one of a set
689 of preformatted disk images that guestfish can make for you to save
690 typing. This is particularly useful for testing purposes. This
691 option is used instead of the I<-a> option, and like I<-a> can appear
692 multiple times (and can be mixed with I<-a>).
694 The new disk is called C<test1.img> for the first I<-N>, C<test2.img>
695 for the second and so on. Existing files in the current directory are
698 The type briefly describes how the disk should be sized, partitioned,
699 how filesystem(s) should be created, and how content should be added.
700 Optionally the type can be followed by extra parameters, separated by
701 C<:> (colon) characters. For example, I<-N fs> creates a default
702 100MB, sparsely-allocated disk, containing a single partition, with
703 the partition formatted as ext2. I<-N fs:ext4:1G> is the same, but
704 for an ext4 filesystem on a 1GB disk instead.
706 To list the available types and any extra parameters they take, run:
708 guestfish -N list | less
710 Note that the prepared filesystem is not mounted. You would usually
711 have to use the C<mount /dev/sda1 /> command or add the
712 I<-m /dev/sda1> option.
714 If any I<-N> or I<--new> options are given, the guest is automatically
719 Create a 100MB disk with an ext4-formatted partition:
723 Create a 32MB disk with a VFAT-formatted partition, and mount it:
725 guestfish -N fs:vfat:32M -m /dev/sda1
727 Create a blank 200MB disk:
729 guestfish -N disk:200M
731 =head1 GUESTFISH COMMANDS
733 The commands in this section are guestfish convenience commands, in
734 other words, they are not part of the L<guestfs(3)> API.
736 =head2 alloc | allocate
740 This creates an empty (zeroed) file of the given size, and then adds
741 so it can be further examined.
743 For more advanced image creation, see L<qemu-img(1)> utility.
745 Size can be specified using standard suffixes, eg. C<1M>.
751 This echos the parameters to the terminal.
753 =head2 edit | vi | emacs
757 This is used to edit a file. It downloads the file, edits it
758 locally using your editor, then uploads the result.
760 The editor is C<$EDITOR>. However if you use the alternate
761 commands C<vi> or C<emacs> you will get those corresponding
764 NOTE: This will not work reliably for large files
765 (> 2 MB) or binary files containing \0 bytes.
771 Expand wildcards in any paths in the args list, and run C<command>
772 repeatedly on each matching path.
774 See section WILDCARDS AND GLOBBING.
781 Without any parameter, this lists all commands. With a C<cmd>
782 parameter, this displays detailed help for a command.
788 Change the local directory, ie. the current directory of guestfish
791 Note that C<!cd> won't do what you might expect.
797 Opens the manual page for guestfish.
805 This is used to view a file.
807 The default viewer is C<$PAGER>. However if you use the alternate
808 command C<less> you will get the C<less> command specifically.
810 NOTE: This will not work reliably for large files
811 (> 2 MB) or binary files containing \0 bytes.
815 This exits guestfish. You can also use C<^D> key.
821 Close and reopen the libguestfs handle. It is not necessary to use
822 this normally, because the handle is closed properly when guestfish
823 exits. However this is occasionally useful for testing.
829 This creates an empty sparse file of the given size, and then adds
830 so it can be further examined.
832 In all respects it works the same as the C<alloc> command, except that
833 the image file is allocated sparsely, which means that disk blocks are
834 not assigned to the file until they are needed. Sparse disk files
835 only use space when written to, but they are slower and there is a
836 danger you could run out of real disk space during a write operation.
838 For more advanced image creation, see L<qemu-img(1)> utility.
840 Size can be specified using standard suffixes, eg. C<1M>.
846 This command returns a list of the optional groups
847 known to the daemon, and indicates which ones are
848 supported by this build of the libguestfs appliance.
850 See also L<guestfs(3)/AVAILABILITY>.
856 Run the command as usual, but print the elapsed time afterwards. This
857 can be useful for benchmarking operations.
865 guestfish returns 0 if the commands completed without error, or
866 1 if there was an error.
868 =head1 ENVIRONMENT VARIABLES
874 The C<edit> command uses C<$EDITOR> as the editor. If not
879 Used with the I<--remote> option to specify the remote guestfish
880 process to control. See section
881 L</REMOTE CONTROL GUESTFISH OVER A SOCKET>.
885 If compiled with GNU readline support, various files in the
886 home directory can be used. See L</FILES>.
888 =item LIBGUESTFS_APPEND
890 Pass additional options to the guest kernel.
892 =item LIBGUESTFS_DEBUG
894 Set C<LIBGUESTFS_DEBUG=1> to enable verbose messages. This has the
895 same effect as using the B<-v> option.
897 =item LIBGUESTFS_MEMSIZE
899 Set the memory allocated to the qemu process, in megabytes. For
902 LIBGUESTFS_MEMSIZE=700
904 =item LIBGUESTFS_PATH
906 Set the path that guestfish uses to search for kernel and initrd.img.
907 See the discussion of paths in L<guestfs(3)>.
909 =item LIBGUESTFS_QEMU
911 Set the default qemu binary that libguestfs uses. If not set, then
912 the qemu which was found at compile time by the configure script is
915 =item LIBGUESTFS_TRACE
917 Set C<LIBGUESTFS_TRACE=1> to enable command traces.
921 The C<more> command uses C<$PAGER> as the pager. If not
922 set, it uses C<more>.
926 Location of temporary directory, defaults to C</tmp>.
928 If libguestfs was compiled to use the supermin appliance then each
929 handle will require rather a large amount of space in this directory
930 for short periods of time (~ 80 MB). You can use C<$TMPDIR> to
931 configure another directory to use in case C</tmp> is not large
940 =item $HOME/.guestfish
942 If compiled with GNU readline support, then the command history
943 is saved in this file.
949 If compiled with GNU readline support, then these files can be used to
950 configure readline. For further information, please see
951 L<readline(3)/INITIALIZATION FILE>.
953 To write rules which only apply to guestfish, use:
959 Variables that you can set in inputrc that change the behaviour
960 of guestfish in useful ways include:
964 =item completion-ignore-case (default: on)
966 By default, guestfish will ignore case when tab-completing
967 paths on the disk. Use:
969 set completion-ignore-case off
971 to make guestfish case sensitive.
977 =item test2.img (etc)
979 When using the C<-N> or C<--new> option, the prepared disk or
980 filesystem will be created in the file C<test1.img> in the current
981 directory. The second use of C<-N> will use C<test2.img> and so on.
982 Any existing file with the same name will be overwritten.
989 L<http://libguestfs.org/>,
993 L<virt-list-filesystems(1)>,
994 L<virt-list-partitions(1)>,
1004 Richard W.M. Jones (C<rjones at redhat dot com>)
1008 Copyright (C) 2009-2010 Red Hat Inc.
1009 L<http://libguestfs.org/>
1011 This program is free software; you can redistribute it and/or modify
1012 it under the terms of the GNU General Public License as published by
1013 the Free Software Foundation; either version 2 of the License, or
1014 (at your option) any later version.
1016 This program is distributed in the hope that it will be useful,
1017 but WITHOUT ANY WARRANTY; without even the implied warranty of
1018 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1019 GNU General Public License for more details.
1021 You should have received a copy of the GNU General Public License
1022 along with this program; if not, write to the Free Software
1023 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.