Re: pammount not unmounting encrypted home on logout




Well, probably some app is still using the mount directory.

I've been working on constructions (and still do) which mount a
"Media" directory when a user logs in, and other constructions, like
the chroot and (re)mounting to turn the system into a GoboLinux like

What I ran into is that even after logging out of KDE there are still
apps using the home directory. I had to make a construction which
kills these first, and then umounts.
Isn't it possible to do a lazy umount with pammount?

I would never use the mounting directly. Better is a construction
which uses pamexec or pamscript, which run scripts at auth, login and
logout, and create a construction to run scripts in order, where you
have the ability to specify that the login process has to wait for
completion (something like systemd, but for user sessions).


2012/3/25 josh <jbuhl_nospam@xxxxxxx>:
> Hi,
> I have individually LUKS encrypted home dirs on my system which are
> mounted at login via pammount. I have one, maybe two problems that I am
> unable to track down, and which may be related.
> First of all, the encrypted dirs seem to be getting mounted twice when
> the user logs in. Here are the relevant lines in df output after login:
> /dev/mapper/_dev_sdb1 57690744 20835188 36269436 37% /home/josh
> /dev/sdb1 57690744 20835188 36269436 37% /home/josh
> Secondly, and most importantly, the encrypted home partitions are not
> being completely unmounted on logout. After logout, only one of the
> above has been unmounted, df reports:
> /dev/mapper/_dev_sdb1 57690744 20835284 36269340 37% /home/josh
> This also happens even if lsof doesn't report any open files for the
> user (a common cause of having the partition not unmounted, if memory
> serves...)
> The relevant line in /etc/security/pam_mount.conf.xml is:
> <volume user="josh" mountpoint="/home/josh"
> path="/dev/disk/by-uuid/967e7b41-b9cc-48f0-94e8-c2c3eb2a4dd0"
> fstype="crypt" />
> and this is the only reference to mounting this volume, i.e. no other
> mounting lines somewhere in fstab or crypttab. I use disk-by-uuid
> because udev does not always map the devices to the same letters, so
> the disk the above partition is on is not always sdb (also a known
> issue, again if memory serves...)
> I consider it a serious security problem if the encrypted dirs aren't
> automagically unmounted on logout, which at least partially defeats the
> whole purpose of having them to begin with.
> Any Ideas?
> cheers,
> -j
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
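
Added example, not part of either message: a POSIX shell check that a logout script could run to report what is still mounted on a home directory and whether a device-mapper (decrypted) source is among it. It reads a /proc/self/mounts-style table on stdin; the sample tables are constructed from the df lines quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a mount table in the
# /proc/self/mounts (or /etc/mtab) format on stdin.
# Assumes the mount point contains no whitespace (tables escape it as \040).

# Constructed samples mirroring the df output quoted in the thread;
# the fstype and option columns are made up.
SAMPLE_AFTER_LOGIN='/dev/sda1 / ext4 rw 0 0
/dev/mapper/_dev_sdb1 /home/josh ext4 rw 0 0
/dev/sdb1 /home/josh ext4 rw 0 0'
SAMPLE_AFTER_LOGOUT='/dev/sda1 / ext4 rw 0 0
/dev/mapper/_dev_sdb1 /home/josh ext4 rw 0 0'

# sources_on MOUNTPOINT: print the source of every entry whose target
# is exactly MOUNTPOINT, in table order.
sources_on() {
    awk -v mp="$1" '$2 == mp { print $1 }'
}

# home_state MOUNTPOINT: print clean (nothing mounted there),
# mounted (one entry) or stacked (more than one entry).
home_state() {
    awk -v mp="$1" '$2 == mp { n++ }
        END { if (n == 0) print "clean"
              else if (n == 1) print "mounted"
              else print "stacked" }'
}

# open_mappings MOUNTPOINT: print device-mapper sources still mounted
# there, i.e. a decrypted view of the volume that is still reachable.
open_mappings() {
    sources_on "$1" | grep '^/dev/mapper/' || true
}

# Demo on the constructed tables. On a live system use, for example:
#   home_state /home/josh < /proc/self/mounts
for label in AFTER_LOGIN AFTER_LOGOUT; do
    eval "table=\$SAMPLE_$label"
    printf '%s: %s, mapper sources: %s\n' "$label" \
        "$(printf '%s\n' "$table" | home_state /home/josh)" \
        "$(printf '%s\n' "$table" | open_mappings /home/josh | tr '\n' ' ')"
done
```

Any state other than clean after session close means the home directory contents are still readable on the running system.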
