Hi,

well probably some app is still using the mount directory. I've been
working on constructions (and still do) which mount a "Media"
directory when a user logs in, and other constructions, like the chroot
and (re)mounting to turn the system into a GoboLinux like system.

What I ran into is that still after logging out of KDE there are still
apps using the home directory. I had to make a construction which kills
these first, and then umounts.

Isn't it possible to do a lazy umount with pammount?

I would never use the mounting directly. Better is a construction which
uses pamexec or pamscript which run scripts at auth, login and logout,
and create a construction to run scripts in order, where you have the
ability to specify that the login process has to wait for completion
(something like systemd but then for user sessions).

Stef

2012/3/25 josh <jbuhl_nospam@xxxxxxx>:
> Hi,
>
> I have individually LUKS encrypted home dirs on my system which are
> mounted at login via pammount. I have one, maybe two problems that I am
> unable to track down, and which may be related.
>
> First of all, the encrypted dirs seem to be getting mounted twice when
> the user logs in. Here are the relevant lines in df output after login:
>
> /dev/mapper/_dev_sdb1 57690744 20835188 36269436 37% /home/josh
> /dev/sdb1 57690744 20835188 36269436 37% /home/josh
>
> Secondly, and most importantly, the encrypted home partitions are not
> being completely unmounted on logout. After logout, only one of the
> above has been unmounted, df reports:
>
> /dev/mapper/_dev_sdb1 57690744 20835284 36269340 37% /home/josh
>
>
> This also happens even if lsof doesn't report any open files for the
> user (a common cause of having the partition not unmounted, if memory
> serves...)
>
>
> The relevant line in /etc/security/pam_mount.conf.xml is:
>
> <volume user="josh" mountpoint="/home/josh"
> path="/dev/disk/by-uuid/967e7b41-b9cc-48f0-94e8-c2c3eb2a4dd0"
> fstype="crypt" />
>
> and this is the only reference to mounting this volume, i.e. no other
> mounting lines somewhere in fstab or crypttab. I use disk-by-uuid
> because udev does not always map the devices to the same letters, so
> the disk the above partition is on is not always sdb (also a known
> issue, again if memory serves...)
>
> I consider it a serious security problem if the encrypted dirs aren't
> automagically unmounted on logout, which at least partially defeats the
> whole purpose of having them to begin with.
>
> Any Ideas?
>
> cheers,
>
> -j
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list
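
A check for the two symptoms reported in this thread (a mountpoint mounted twice after login, and a device still mounted on the home directory after logout), as an added example that is not part of either message. The function names are hypothetical, and the sample mount tables are constructed from the df output quoted above, with ext4 as an assumed filesystem type.

```shell
#!/bin/sh
# Added example: audit a mount table (format of /proc/self/mounts) for the two
# symptoms reported in this thread. Function names are hypothetical.

# Print every mountpoint that appears more than once (stacked mounts),
# followed by the devices mounted on it.
stacked_mounts() {
    awk '{ n[$2]++; dev[$2] = dev[$2] " " $1 }
         END { for (m in n) if (n[m] > 1) print m ":" dev[m] }' "$1" | sort
}

# Print devices still mounted on mountpoint $2; empty output means clean.
still_mounted() {
    awk -v mp="$2" '$2 == mp { print $1 }' "$1"
}

# Exit status 0 only if nothing is left mounted on the home directory.
logout_clean() {
    [ -z "$(still_mounted "$1" "$2")" ]
}

# Constructed sample tables modelled on the df output quoted in the thread
# (the ext4 filesystem type is an assumption).
sample_after_login() {
    printf '%s\n' \
        '/dev/sda1 / ext4 rw 0 0' \
        '/dev/mapper/_dev_sdb1 /home/josh ext4 rw 0 0' \
        '/dev/sdb1 /home/josh ext4 rw 0 0'
}
sample_after_logout() {
    printf '%s\n' \
        '/dev/sda1 / ext4 rw 0 0' \
        '/dev/mapper/_dev_sdb1 /home/josh ext4 rw 0 0'
}

# Demo on the constructed tables; on a live system pass /proc/self/mounts.
tmp=$(mktemp -d)
sample_after_login  > "$tmp/login"
sample_after_logout > "$tmp/logout"
echo "stacked after login: $(stacked_mounts "$tmp/login")"
if logout_clean "$tmp/logout" /home/josh; then
    echo "logout clean"
else
    echo "still mounted after logout: $(still_mounted "$tmp/logout" /home/josh)"
fi
```

Run from a session-close hook, a non-zero result from `logout_clean` is the condition to log or alert on, since it means the decrypted volume is still reachable after the user has left.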