eCryptfs

Encrypted home directory doesn't always dismount after logout.

Bug #507150 reported by DarrenShare
288
This bug affects 7 people
Affects Status Importance Assigned to Milestone
eCryptfs
Confirmed
Low
Unassigned
ecryptfs-utils (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

I have my full home directories encrypted for each user.

I've noticed that sometimes if I logout and then login in with another user with sudo privileges I can still browse through my home directory, i.e. ecryptfs hasn't dismounted my home directory.

It seems to be happening in about one third of instances and so far it's only happened with my own account. I'm totally unable to reliably reproduce this at the moment and can't see anything untoward in the logs.

I could do with some tips on how to diagnose this.

Thanks.

Using Ubuntu 9.10, fully up to date. Ecryptfs-utils version 81-0ubuntu3.

See original description
DarrenShare (darren-moorstreet)
description: updated
description: updated
Revision history for this message
DarrenShare (darren-moorstreet) wrote :

Well it's been two weeks and not a single reply. This could be a potentially serious issue. Does anyone care?

visibility: private → public
Revision history for this message
DarrenShare (darren-moorstreet) wrote :

Made the bug public.

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

There is a counter in /dev/shm/ecryptfs-$USER-Private. You can cat that file.

Your home directory won't be unmounted until that counter hits 0.

On a normal a) login, b) do stuff, c) logout, that counter will go from a) 0, b) 1, c) 0. And it will be unmounted properly.

A login can consist of any of a graphical login, an ssh login, and a tty console login.

The counter exists such that if you're logged in graphically, and then you ssh in, you now have a counter of 2. You will need to exit both of those sessions to get the session back down to 0, and to have PAM unmount it.

My guess is that you have logged in multiple times, and one of those sessions is still open. I do this sometimes, with SSH + screen.

Cron can also cause issues.

Do any of these situations explain your issue?

:-Dustin

Changed in ecryptfs:
status: New → Incomplete
importance: Undecided → Low
Revision history for this message
DarrenShare (darren-moorstreet) wrote :

Hi Dustin,

Thanks for the info. I discounted all the possibilities you mention - There were no processes running under my username, and I rebooted the PC several times and could reproduce it even then (so I know I'd only logged in once).

I do have some cron jobs set up but I made sure none of them were running either.

I haven't tried to reproduce this since my original post and three attempts at doing so now have failed so I will keep trying and watch the ecryptfs-$USER-Private file.

Revision history for this message
Dustin Kirkland  (kirkland) wrote : Re: [Bug 507150] Re: Encrypted home directory doesn't always dismount after logout.

Okay, once you're logged out, as root, see if there are any processes
lingering around owned by your user.

Also run fuser on your $HOME directory, and see what's still using
your mounted home directory.

That's all that's really remaining, something is lingering around
using your homedir such that it can't unmount until that process dies.

Leo (leorolla)
Changed in ecryptfs:
status: Incomplete → Confirmed
affects: ubuntu → ecryptfs-utils (Ubuntu)
Changed in ecryptfs-utils (Ubuntu):
status: New → Confirmed
Revision history for this message
Leo (leorolla) wrote :

I could partially reproduce it.

As long as there was a user inside /home/USER (root in my case), the user logged out but his homefolder was not completely umounted.

Running "mount" didn't show it. Running "ls", "cd", etc would show all the files. Further tests:

USER LOG IN
ROOT CD /HOME/USER
USER LOG OUT
# ls
[see user's files!]
# df .
Filesystem 1K-blocks Used Available Use% Mounted on
- 8254272 5523548 2311428 71% /
# cat /dev/shm/ecryptfs-USER-Private
0
# sudo -u USER keyctl list @u
2 keys in keyring:
...
...
# cd /
# ls /home/USER
[nothing]
# sudo -u USER keyctl list @u
keyring is empty

But the second time I tried the same tests, it was worse:
USER LOG IN
ROOT CD /HOME/USER
USER LOG OUT
#ls
[see user's files!]
# cd /
# ls /home/USER
[nothing]
# sudo -u USER keyctl list @u
2 keys in keyring:
...
...
# ps gaux | grep USER
USER 3788 0.0 0.0 6460 724 pts/2 S 13:17 0:00 login
# kill -9 3788
# sudo -u USER keyctl list @u
keyring is empty

So I tried the same thing again, but more nasty. I could see USER's files!!!

USER LOG IN
ROOT CD /HOME/USER
USER LOG OUT
# cd /
# ls /home/USER
[nothing]
# sudo -u USER keyctl list @u
2 keys in keyring:
...
...
# ps gaux | grep USER
USER 3788 0.0 0.0 6460 724 pts/2 S 13:17 0:00 login
# sudo -u anaclara ecryptfs-mount-private
# kill -9 3788
# sudo -u USER keyctl list @u
keyring is empty
# ls /home/USER
[See user files!!!]
# mount
...
/home/USER/.Private on /home/USER type ecryptfs (...)
# df /home/USER
Filesystem 1K-blocks Used Available Use% Mounted on
/home/USER/.Private
                      90606688 81207632 9399056 90% /home/USER

Now when I had another user rather than root that had CDed into USER's home, it was a bit different...
When USER logged out it had the message
$ exit
logout
Sessions still open, not unmounting
$$ ps gaux | grep USER
USER 4497 0.0 0.0 6460 720 pts/2 S 13:32 0:00 login
$$ ls ~USER
[See files!]
$$ mount
[See mounted!]
$$ sudo -u USER keyctl list @u
Sudo password: *****
2 keys in keyring:
...
...
$$ sudo umount /home/USER
$$ sudo -u USER keyctl list @u
keyring is empty
$$

So, I could reproduce all sorts of behavior, and it is apparently not deterministic.

tags: added: apport-collected
Revision history for this message
Leo (leorolla) wrote : apport information

Architecture: i386
DistroRelease: Ubuntu 10.10
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
Package: ecryptfs-utils 83-0ubuntu3
PackageArchitecture: i386
ProcEnviron:
 LANG=en_US.utf8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.35-22.35-generic 2.6.35.4
Tags: maverick
Uname: Linux 2.6.35-22-generic i686
UserGroups: adm admin cdrom dialout dip fax floppy fuse lpadmin plugdev sambashare tape vboxusers video

Revision history for this message
Leo (leorolla) wrote : Dependencies.txt

apport information

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

The portion of this bug dealing with keys is actually a duplicate of Bug #313812, which was recently fixed!

As for the rest of it (not unmounting as long as a user is still in the encrypted directory, open file handles, etc), that behavior is by design, and not much we can do to avoid it.

Thanks.

Revision history for this message
david braun (braunster) wrote :

This isn't really a duplicate of bug #313812. The home directory is not being unmounted. Bug #313812 concerns the key-ring.

I created a user (zip) with an encrypted home folder, logged in, started a terminal and verified that the encrypted home folder was mounted. I then logged out and logged in as another user with root (sudo) privileges and checked what was mounted. "/home/.ecryptfs/zip/.Private" was still mounted in "/home/zip". I then checked "/dev/shm/ecryptfs-zip-Private" and the value was 1. I then checked what processes owned by "zip" were running.

root@braun-asus:~# ps -u zip
  PID TTY TIME CMD
 4173 ? 00:00:00 systemd
 4183 ? 00:00:00 (sd-pam)
 4199 ? 00:00:00 dbus-daemon
 4329 ? 00:00:00 gvfsd
 4336 ? 00:00:00 gvfsd-fuse
 4369 ? 00:00:00 ibus-daemon
 4416 ? 00:00:00 ibus-dconf
 4465 ? 00:00:00 dconf-service
 4468 ? 00:00:00 ibus-engine-sim
 4618 ? 00:00:00 evolution-sourc
 4633 ? 00:00:00 libertined
 4672 ? 00:00:00 goa-daemon
 4708 ? 00:00:00 goa-identity-se
 4757 ? 00:00:01 mission-control
 4810 ? 00:00:00 gvfs-udisks2-vo
 4825 ? 00:00:00 gvfs-mtp-volume
 4829 ? 00:00:00 gvfs-goa-volume
 4839 ? 00:00:00 gvfs-gphoto2-vo
 4848 ? 00:00:00 gvfs-afc-volume
 4904 ? 00:00:00 gconfd-2
 4911 ? 00:00:00 gvfsd-trash
 4937 ? 00:00:00 gvfsd-burn
 4955 ? 00:00:00 gvfsd-metadata
 4992 ? 00:00:00 zeitgeist-daemo
 5000 ? 00:00:00 zeitgeist-fts
I also checked what files were open by processes owned by "zip" - 164! So it is reasonable that, under these conditions, the encrypted home remained mounted. The problem is that all these process are persisting after log out. I suspect getting rid of them will solve the problem.

Revision history for this message
david braun (braunster) wrote :

BTW - the post-logout list of persisting processes exists for users regardless of whether or not their home directory is encrypted.

Revision history for this message
david braun (braunster) wrote :

Also - most of the above processes only exist for graphical logins. However, the private folder isn't unmounted for non-graphical logins either even though there are no processes left behind and the counter in /dev/shm/ecrypt-$USER-Private no longer exists.

Sorry I didn't mention this before but this problem has existed for quite a while and still exists in Ubuntu 17.04.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.