eCryptfs

Bug #507150
Comment #6

Comment 6 for bug 507150

Revision history for this message

Leo (leorolla) wrote on 2011-01-25:

I could partially reproduce it.

As long as there was a user inside /home/USER (root in my case), the user logged out but his homefolder was not completely umounted.

Running "mount" didn't show it. Running "ls", "cd", etc would show all the files. Further tests:

USER LOG IN
ROOT CD /HOME/USER
USER LOG OUT
# ls
[see user's files!]
# df .
Filesystem 1K-blocks Used Available Use% Mounted on
- 8254272 5523548 2311428 71% /
# cat /dev/shm/ecryptfs-USER-Private
0
# sudo -u USER keyctl list @u
2 keys in keyring:
...
...
# cd /
# ls /home/USER
[nothing]
# sudo -u USER keyctl list @u
keyring is empty

But the second time I tried the same tests, it was worse:
USER LOG IN
ROOT CD /HOME/USER
USER LOG OUT
#ls
[see user's files!]
# cd /
# ls /home/USER
[nothing]
# sudo -u USER keyctl list @u
2 keys in keyring:
...
...
# ps gaux | grep USER
USER 3788 0.0 0.0 6460 724 pts/2 S 13:17 0:00 login
# kill -9 3788
# sudo -u USER keyctl list @u
keyring is empty

So I tried the same thing again, but more nasty. I could see USER's files!!!

USER LOG IN
ROOT CD /HOME/USER
USER LOG OUT
# cd /
# ls /home/USER
[nothing]
# sudo -u USER keyctl list @u
2 keys in keyring:
...
...
# ps gaux | grep USER
USER 3788 0.0 0.0 6460 724 pts/2 S 13:17 0:00 login
# sudo -u anaclara ecryptfs-mount-private
# kill -9 3788
# sudo -u USER keyctl list @u
keyring is empty
# ls /home/USER
[See user files!!!]
# mount
...
/home/USER/.Private on /home/USER type ecryptfs (...)
# df /home/USER
Filesystem 1K-blocks Used Available Use% Mounted on
/home/USER/.Private
90606688 81207632 9399056 90% /home/USER

Now when I had another user rather than root that had CDed into USER's home, it was a bit different...
When USER logged out it had the message
$ exit
logout
Sessions still open, not unmounting
$$ ps gaux | grep USER
USER 4497 0.0 0.0 6460 720 pts/2 S 13:32 0:00 login
$$ ls ~USER
[See files!]
$$ mount
[See mounted!]
$$ sudo -u USER keyctl list @u
Sudo password: *****
2 keys in keyring:
...
...
$$ sudo umount /home/USER
$$ sudo -u USER keyctl list @u
keyring is empty
$$

So, I could reproduce all sorts of behavior, and it is apparently not deterministic.

I could partially reproduce it.

As long as there was a user inside /home/USER (root in my case), the user logged out but his homefolder was not completely umounted.

Running "mount" didn't show it. Running "ls", "cd", etc would show all the files. Further tests:

USER LOG IN
ROOT CD /HOME/USER
USER LOG OUT
# ls
[see user's files!]
# df .
Filesystem           1K-blocks      Used Available Use% Mounted on
-                      8254272   5523548   2311428  71% /
# cat /dev/shm/ecryptfs-USER-Private
0
# sudo -u USER keyctl list @u
2 keys in keyring:
...
...
# cd /
# ls /home/USER
[nothing]
# sudo -u USER keyctl list @u
keyring is empty

But the second time I tried the same tests, it was worse:
USER LOG IN
ROOT CD /HOME/USER
USER LOG OUT
#ls
[see user's files!]
# cd /
# ls /home/USER
[nothing]
# sudo -u USER keyctl list @u
2 keys in keyring:
...
...
# ps gaux | grep USER
USER  3788  0.0  0.0   6460   724 pts/2    S    13:17   0:00 login         
# kill -9 3788
# sudo -u USER keyctl list @u
keyring is empty

So I tried the same thing again, but more nasty. I could see USER's files!!!

USER LOG IN
ROOT CD /HOME/USER
USER LOG OUT
# cd /
# ls /home/USER
[nothing]
# sudo -u USER keyctl list @u
2 keys in keyring:
...
...
# ps gaux | grep USER
USER  3788  0.0  0.0   6460   724 pts/2    S    13:17   0:00 login
# sudo -u anaclara ecryptfs-mount-private
# kill -9 3788
# sudo -u USER keyctl list @u
keyring is empty
# ls /home/USER
[See user files!!!]
# mount
...
/home/USER/.Private on /home/USER type ecryptfs (...)
# df /home/USER
Filesystem           1K-blocks      Used Available Use% Mounted on
/home/USER/.Private
                      90606688  81207632   9399056  90% /home/USER

Now when I had another user rather than root that had CDed into USER's home, it was a bit different...
When USER logged out it had the message
$ exit
logout
Sessions still open, not unmounting
$$ ps gaux | grep USER
USER  4497  0.0  0.0   6460   720 pts/2    S    13:32   0:00 login
$$ ls ~USER
[See files!]
$$ mount
[See mounted!]
$$ sudo -u USER keyctl list @u
Sudo password: *****
2 keys in keyring:
...
...
$$ sudo umount /home/USER
$$ sudo -u USER keyctl list @u
keyring is empty
$$

So, I could reproduce all sorts of behavior, and it is apparently not deterministic.