deluser --remove-home leaves ecryptfs data behind

Bug #347970 reported by Martin Pitt
This bug affects 1 person
Affects                   Status         Importance   Assigned to       Milestone
adduser (Ubuntu)          Fix Released   Low          Dustin Kirkland
  Jaunty                  Fix Released   Undecided    Unassigned
  Karmic                  Fix Released   Low          Dustin Kirkland
ecryptfs-utils (Ubuntu)   Invalid        Low          Dustin Kirkland
  Jaunty                  Invalid        Undecided    Unassigned
  Karmic                  Invalid        Low          Dustin Kirkland

Bug Description

Binary package hint: adduser

On experimenting with encrypted home directories, I repeatedly added and removed users with encrypted home directories (had to do that because of bug 347969).

It occurred to me that "deluser --remove-home foo" followed by "adduser --encrypt-home foo" doesn't work, because deluser leaves /var/lib/ecryptfs/foo behind.

ProblemType: Bug
Architecture: i386
DistroRelease: Ubuntu 9.04
Package: adduser 3.110ubuntu3
PackageArchitecture: all
ProcEnviron:
 PATH=(custom, user)
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: adduser
Uname: Linux 2.6.28-11-generic i686

Martin Pitt (pitti) wrote :
Changed in adduser (Ubuntu):
assignee: nobody → kirkland
Dustin Kirkland  (kirkland) wrote :

Thanks for the report, Martin.

I suppose removing /var/lib/ecryptfs/$USER should be safe, if you're removing their home directory too...

I'm adding a task against adduser, as that's where this code will need to live. I'll keep a task open against ecryptfs-utils for now, for tracking purposes.

:-Dustin

Changed in adduser (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Changed in ecryptfs-utils (Ubuntu):
assignee: nobody → kirkland
importance: Undecided → Low
status: New → Triaged
Changed in adduser (Ubuntu):
status: Triaged → In Progress
Dustin Kirkland  (kirkland) wrote :

Attaching a patch that solves this in deluser. Basically, we do a 'find' on /var/lib/ecryptfs/$user as well, and add those to the files/dirs to be removed. Note that there is a regex list of prohibited dirs that matches on "/var", so I added an exception condition for /var/lib/ecryptfs/$user.

Patch attached. I'm requesting some review from someone with more adduser/deluser expertise than I ;-)

:-Dustin

Changed in ecryptfs-utils (Ubuntu):
status: Triaged → Invalid
Dustin Kirkland  (kirkland) wrote :

I'm assigning the adduser bit to pitti, for his review and upload at his discretion. Earlier in the cycle, I'd do this myself. At this point, a second set of eyes is a good thing ;-)

:-Dustin

Changed in adduser (Ubuntu):
assignee: kirkland → pitti
Martin Pitt (pitti) wrote :

This was uploaded with a wedged changelog, and thus no auto-closing:

+adduser (3.110ubuntu5) jaunty; urgency=low
+
+ * deluser: reworked previous upload slightly, per feedback from cjwatson,
+ should make the "rm /var/lib/ecryptfs/$user" code easier to read;
+ revert $version corruption (oops)
+
+ -- Dustin Kirkland <email address hidden> Fri, 27 Mar 2009 17:12:09 -0500
+
+adduser (3.110ubuntu4) jaunty; urgency=low
+
+ * deluser: remove all of /var/lib/ecryptfs/$user, if deluser --remove-home
+ is specified, LP: #347970
+
+ -- Dustin Kirkland <email address hidden> Tue, 24 Mar 2009 13:54:50 -0500
+
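Review bot: the 3.110ubuntu4 entry says deluser now removes all of /var/lib/ecryptfs/$user but does not mention the exception to the prohibited-directory check that the earlier comment says was needed because that list matches on "/var". That check is the safeguard against deleting system paths, so the entry should state that the exception is limited to the per-user eCryptfs path. In the 3.110ubuntu5 entry, the "$version corruption" revert shares a bullet with the readability rework; a separate bullet would make the revert easier to find later.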

Thanks Dustin!

Changed in adduser (Ubuntu):
status: In Progress → Fix Released
Luis Mondesi (lemsx1) wrote :

Remember that on Karmic the ecryptfs directory is now ~user/../.ecryptfs/user/.ecryptfs

luvly uh?

It's a better location for this, but your patch will not fix this.

Martin Pitt (pitti)
Changed in adduser (Ubuntu):
assignee: Martin Pitt (pitti) → Dustin Kirkland (kirkland)
status: Fix Released → Triaged
Dustin Kirkland  (kirkland) wrote :

This was fixed several months ago.

adduser (3.110ubuntu6) karmic; urgency=low

  * deluser: add logic to prune new location of ecryptfs config data,
    in /home/.ecryptfs/$user

 -- Dustin Kirkland <email address hidden> Mon, 03 Aug 2009 12:49:04 +0100

Please verify the functionality next time, before reopening the bug.

Changed in adduser (Ubuntu Jaunty):
status: New → Fix Released
summary: - deluser --remove-home leaves /var/lib/ecryptfs/<username> behind
+ deluser --remove-home leaves ecryptfs data behind
Changed in ecryptfs-utils (Ubuntu Jaunty):
status: New → Invalid
Changed in adduser (Ubuntu Karmic):
status: Triaged → Fix Released
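
A check for the leftover state this bug describes, as an added example that is not part of the original report or of adduser: it lists directories under the two per-user eCryptfs locations named in the thread (/var/lib/ecryptfs and /home/.ecryptfs) that have no matching login. The function names, the flat passwd file input and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not adduser code. The two base directories are the per-user
# eCryptfs locations named in this report; everything else is an assumption.

# find_orphans PASSWD_FILE BASE_DIR...
# Prints each directory directly under a BASE_DIR whose name is not a login
# in PASSWD_FILE. Accounts served by LDAP/NIS are not in a flat passwd file,
# so on such hosts feed it the output of `getent passwd` instead.
find_orphans() {
    passwd_file=$1
    shift
    for base in "$@"; do
        [ -d "$base" ] || continue
        for entry in "$base"/* "$base"/.[!.]*; do
            # Skip unmatched globs, plain files and symlinks.
            [ -d "$entry" ] && [ ! -L "$entry" ] || continue
            name=${entry##*/}
            # Exact comparison on field 1, so "ali" does not match "alice".
            if ! awk -F: -v u="$name" \
                '$1 == u { found = 1 } END { exit !found }' "$passwd_file"
            then
                printf '%s\n' "$entry"
            fi
        done
    done
}

# Constructed sample: a throwaway tree standing in for a real system, with
# "foo" and "olduser" deleted from passwd but their eCryptfs data left behind.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/var/lib/ecryptfs/alice" "$root/var/lib/ecryptfs/foo" \
             "$root/home/.ecryptfs/bob" "$root/home/.ecryptfs/olduser"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/bin/bash' > "$root/passwd"
    printf '%s\n' "$root"
}

sample=$(make_sample)
find_orphans "$sample/passwd" "$sample/var/lib/ecryptfs" "$sample/home/.ecryptfs"
rm -rf "$sample"
```

On a real host the equivalent call is `find_orphans /etc/passwd /var/lib/ecryptfs /home/.ecryptfs`, run as root so the directories are readable. The function only reports; review each path before deleting anything.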