deluser --remove-home leaves ecryptfs data behind

Bug #347970 reported by Martin Pitt on 2009-03-24
Affects | Status | Importance | Assigned to | Milestone
adduser (Ubuntu) | | Low | Dustin Kirkland |
  Jaunty | | Undecided | Unassigned |
  Karmic | | Low | Dustin Kirkland |
ecryptfs-utils (Ubuntu) | | Low | Dustin Kirkland |
  Jaunty | | Undecided | Unassigned |
  Karmic | | Low | Dustin Kirkland |

Bug Description

Binary package hint: adduser

On experimenting with encrypted home directories, I repeatedly added and removed users with encrypted home directories (had to do that because of bug 347969).

It occurred to me that "deluser --remove-home foo" followed by "adduser --encrypt-home foo" doesn't work, because deluser leaves /var/lib/ecryptfs/foo behind.

ProblemType: Bug
Architecture: i386
DistroRelease: Ubuntu 9.04
Package: adduser 3.110ubuntu3
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, user)
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: adduser
Uname: Linux 2.6.28-11-generic i686

Martin Pitt (pitti) wrote :
Changed in adduser (Ubuntu):
assignee: nobody → kirkland
Dustin Kirkland  (kirkland) wrote :

Thanks for the report, Martin.

I suppose removing /var/lib/ecryptfs/$USER should be safe, if you're removing their home directory too...

I'm adding a task against adduser, as that's where this code will need to live. I'll keep a task open against ecryptfs-utils for now, for tracking purposes.

:-Dustin

Changed in adduser (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Changed in ecryptfs-utils (Ubuntu):
assignee: nobody → kirkland
importance: Undecided → Low
status: New → Triaged
Changed in adduser (Ubuntu):
status: Triaged → In Progress
Dustin Kirkland  (kirkland) wrote :

Attaching a patch that solves this in deluser. Basically, we do a 'find' on /var/lib/ecryptfs/$user as well, and add those to the files/dirs to be removed. Note that there is a regex list of prohibited dirs that matches on "/var", so I added an exception condition for /var/lib/ecryptfs/$user.

Patch attached. I'm requesting some review from someone with more adduser/deluser expertise than I ;-)

:-Dustin

Changed in ecryptfs-utils (Ubuntu):
status: Triaged → Invalid
Dustin Kirkland  (kirkland) wrote :

I'm assigning the adduser bit to pitti, for his review and upload at his discretion. Earlier in the cycle, I'd do this myself. At this point, a second set of eyes is a good thing ;-)

:-Dustin

Changed in adduser (Ubuntu):
assignee: kirkland → pitti
Martin Pitt (pitti) wrote :

This was uploaded with a wedged changelog, and thus no auto-closing:

+adduser (3.110ubuntu5) jaunty; urgency=low
+
+ * deluser: reworked previous upload slightly, per feedback from cjwatson,
+ should make the "rm /var/lib/ecryptfs/$user" code easier to read;
+ revert $version corruption (oops)
+
+ -- Dustin Kirkland <email address hidden> Fri, 27 Mar 2009 17:12:09 -0500
+
+adduser (3.110ubuntu4) jaunty; urgency=low
+
+ * deluser: remove all of /var/lib/ecryptfs/$user, if deluser --remove-home
+ is specified, LP: #347970
+
+ -- Dustin Kirkland <email address hidden> Tue, 24 Mar 2009 13:54:50 -0500
+
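Review bot: the 3.110ubuntu5 entry at the top of this hunk carries no "LP: #347970" closer; only the 3.110ubuntu4 entry below it does. Repeating the closer in the ubuntu5 entry would tie the reworked upload to the bug on its own. The line "revert $version corruption (oops)" also does not say which file or setting was corrupted, and naming it would make the entry easier to audit.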

Thanks Dustin!

Changed in adduser (Ubuntu):
status: In Progress → Fix Released
Luis Mondesi (lemsx1) wrote :

Remember that on Karmic the ecryptfs directory is now ~user/../.ecryptfs/user/.ecryptfs

luvly uh?

It's a better location for this, but your patch will not fix this.

Martin Pitt (pitti) on 2009-10-09
Changed in adduser (Ubuntu):
assignee: Martin Pitt (pitti) → Dustin Kirkland (kirkland)
status: Fix Released → Triaged
Dustin Kirkland  (kirkland) wrote :

This was fixed several months ago.

adduser (3.110ubuntu6) karmic; urgency=low

  * deluser: add logic to prune new location of ecryptfs config data,
    in /home/.ecryptfs/$user

 -- Dustin Kirkland <email address hidden> Mon, 03 Aug 2009 12:49:04 +0100

Please verify the functionality next time, before reopening the bug.

Changed in adduser (Ubuntu Jaunty):
status: New → Fix Released
summary: - deluser --remove-home leaves /var/lib/ecryptfs/<username> behind
+ deluser --remove-home leaves ecryptfs data behind
Changed in ecryptfs-utils (Ubuntu Jaunty):
status: New → Invalid
Changed in adduser (Ubuntu Karmic):
status: Triaged → Fix Released
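
An added example, not part of the original bug thread and not adduser's own code: a shell check that reports per-user eCryptfs directories left behind for accounts that no longer exist, covering both locations named in this report (/var/lib/ecryptfs/$user and /home/.ecryptfs/$user). The function names and the ROOT and PASSWD_FILE arguments are assumptions of this example, added so the check can be run against a test tree as well as a live system.

```shell
#!/bin/sh
# Added example (not adduser code): report per-user eCryptfs directories whose
# account no longer exists, in the two locations named in this bug report.
#
# orphaned_ecryptfs_dirs [ROOT] [PASSWD_FILE]
#   ROOT         prefix to scan; empty means the live filesystem (assumption)
#   PASSWD_FILE  passwd-format file listing valid accounts; when omitted,
#                accounts are looked up with getent so NSS sources count too

user_exists() {
    # $1 = account name, $2 = passwd file (may be empty)
    if [ -n "$2" ]; then
        # Exact, literal match on the first field only.
        cut -d: -f1 "$2" | grep -qxF -- "$1"
    else
        getent passwd "$1" >/dev/null
    fi
}

orphaned_ecryptfs_dirs() {
    root=${1:-}
    passwd=${2:-}
    if [ -n "$passwd" ] && [ ! -r "$passwd" ]; then
        echo "cannot read $passwd" >&2
        return 2
    fi
    for base in "$root/var/lib/ecryptfs" "$root/home/.ecryptfs"; do
        [ -d "$base" ] || continue
        for dir in "$base"/*; do
            # Skip an unmatched glob and symlinks; only real directories count.
            if [ ! -d "$dir" ] || [ -L "$dir" ]; then continue; fi
            if ! user_exists "${dir##*/}" "$passwd"; then
                printf '%s\n' "$dir"
            fi
        done
    done
    return 0
}

# Report only; removal is left to the administrator after review.
# Live-system call: orphaned_ecryptfs_dirs "" ""
```

The function only lists candidates, so a stale directory that would block "adduser --encrypt-home" for a reused name shows up before the account is recreated.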