stale login processes after logout
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eCryptfs |
Triaged
|
Low
|
Tyler Hicks |
Bug Description
After a user logs out (and no other processes from this user are running), the encrypted $HOME is unmounted - as expected. But the last process ("login" for local logins, "sshd" for SSH logins) won't quit until after some minutes:
--------------
# useradd -d /home/joe -m -s /bin/bash joe && passwd joe
# ecryptfs-
# login joe
joe$ logout
# ps -fu joe
UID PID PPID C STIME TTY TIME CMD
joe 2096 1 0 23:27 pts/1 00:00:00 login
joe 2304 1 0 23:29 ? 00:00:00 sshd: joe [priv]
joe 2574 1 0 23:30 ? 00:00:00 sshd: joe [priv]
--------------
The sshd process above are from 2 successful logins as user "joe". And even "joe" logged out, these process will stay there for a while. For every other login, another process ("login" or "sshd") is started and all of these process will won't terminate immediately when logging out. strace(1) says:
--------------
# strace -f -p 2096
Process 2096 attached - interrupt to quit
restart_
Process 2096 detached
--------------
So, the leftover processes are not really taking up any resources, but maybe this should be looked into. Eventually the processes terminate itself, but the system still holds shared memory segments for this user:
--------------
# ipcs
------ Shared Memory Segments --------
key shmid owner perms bytes nattch status
0x3c81b7f5 0 joe 666 4096 0
------ Semaphore Arrays --------
key semid owner perms nsems
0x3c81b7f6 65536 joe 666 1
------ Message Queues --------
key msqid owner perms used-bytes messages
--------------
Also, not really a problem.
But it was a problem[0], with ecryptfs-utils-83-4 on a Debian/squeeze machine: it showed the same behaviour as the one described here, with a distinct difference: upon logout, the $HOME was unmounted (as expected) but $HOME was unlocked & mounted when the user logged in again with ssh-keys - which should not happen, because SSH public key authentication is not able to provide passwords to pam_ecryptfs.so. So somewhere in the stale processes or somewhere else (or in these SHM segments, although tyhicks emphasized that this is not the case) the key material is still present after logging out.
However, I could NOT reproduce the "I-can-
But the stale processes (and the leftover semaphores) might be an issue, hopefully only a cosmetic one.
description: | updated |
Changed in ecryptfs: | |
importance: | Undecided → Low |
Thanks for the report! I think I can reproduce this, and I have a pretty good idea of why this happens (perhaps related to the umount -l). Not sure if I can fix it, but I'll take a better look. Marking confirmed/low for now. Thanks!