Automounts users autofs home directories by default (face browser disabled)

Bug #562509 reported by Micheal Waltz on 2010-04-13
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
gdm
Fix Released
High
gdm (Ubuntu)
Low
Unassigned
Lucid
Low
Unassigned

Bug Description

Binary package hint: gdm

Even with the face browser disabled when GDM starts it mounts up to 100 users autofs home dirs. This is an issue since having hundreds of desktops hosts automatically mount autofs home dirs when they'll most likely not be used could cause a resource issue on the file server. This is as a possible security too issue since the system is automatically mounting home dirs without authentication.

Description: Ubuntu lucid (development branch) - sync'd from main repos on April 13th
Release: 10.04
Package:
gdm:
  Installed: 2.30.0-0ubuntu4
  Candidate: 2.30.0-0ubuntu4
  Version table:
 *** 2.30.0-0ubuntu4 0
        500 http://apt-dev/ubuntu/ lucid/main Packages
        100 /var/lib/dpkg/status

What was done:
Face browser disabled per: https://wiki.ubuntu.com/SecurityTeam/FAQ#GNOME%20Display%20Manager%20%28gdm%29
sudo -u gdm gconftool-2 --set --type boolean /apps/gdm/simple-greeter/disable_user_list true

Expected behavior:
GDM displays username prompt with no filesystems mounted with the exception of those in /etc/fstab. Once a user logs in successfully their home dir should automount.

Actual behavior:
GDM displays username prompt, up to 100+ home dirs from /etc/autofs.home are mounted.

There is a bug filed in upstream for this as well:
https://bugzilla.gnome.org/show_bug.cgi?id=607728

Related branches

Sebastien Bacher (seb128) wrote :

Thank you for your bug report

Changed in gdm (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Sebastien Bacher (seb128) wrote :

would be useful if you could reply to upstream comments

Changed in gdm:
status: Unknown → New
Changed in gdm:
status: New → Invalid

Upstream bug has been marked as duplicate of bug https://bugzilla.gnome.org/show_bug.cgi?id=609321

Changed in gdm:
status: Invalid → Unknown
Changed in gdm:
status: Unknown → Fix Released
Sebastien Bacher (seb128) wrote :

the issue is fixed in the maverick version

Changed in gdm (Ubuntu):
status: Triaged → Fix Released
Changed in gdm (Ubuntu Lucid):
importance: Undecided → Low
status: New → Fix Committed
Changed in gdm (Ubuntu Lucid):
assignee: nobody → Sebastien Bacher (seb128)
Sebastien Bacher (seb128) wrote :

There is a candidate lucid update which has been uploaded now, the debdiff is on bug #585574

Accepted gdm into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Sebastien Bacher (seb128) wrote :

could you test the updated version?

Micheal Waltz (ecliptik) wrote :

Just installed it on a 10.04 system and I'm still seeing GDM load a user list and mount up all their home directories.

gdm:
  Installed: 2.30.2.is.2.30.0-0ubuntu2
  Candidate: 2.30.2.is.2.30.0-0ubuntu2
  Version table:
 *** 2.30.2.is.2.30.0-0ubuntu2 0
        900 http://us.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
        100 /var/lib/dpkg/status
     2.30.0-0ubuntu5 0
        500 http://apt/ubuntu/ lucid/main Packages

mwaltz@tatl:~ $ mount | grep "type nfs" | wc -l
341

I tried to set the greeter to the simple login but I'm getting a gconfd error which is unrelated. Still, even if the simple greeter disabled I don't think it should be trying to automount all the users home dirs.

Changed in gdm:
importance: Unknown → High
Changed in gdm (Ubuntu Lucid):
assignee: Sebastien Bacher (seb128) → nobody
Christian Hudon (chrish) wrote :

This bug is not fixed in lucid, even with the latest gdm (2.30.2.is.2.30.0-0ubuntu5.2). Gdm still touches all user directories, which means they all get mounted when /home is managed by automount. This is very annoying because as soon as one home directory is not available (because the NFS server is down, etc.), this bug makes it impossible for anyone to login across the whole set of computers.

The (remaining) cause of the problem is the update_icon_monitor() function in daemon/gdm-user.c. I disabled said function with the attached patch, and now gdm does not cause all home directories to become automounted, and people can still login even if someone else's home directory is not available. The patch may not do the right thing for users who care about the face browser, but it finally makes Lucid's gdm usable in deployments with NFS and/or automounted home directories, etc.

Please consider fixing this bug.

CHRISTMAS SALE!!!

> You falter whether you should get our replica watch for Christmas present and new years party and you are frightened that its material will lighten away pretty soon? We can take all your fears away by guaranteeing you that you can wear this watch for existence and it will still look like you just bought it the recent past. The cause for that is that all our replica watches are crafted from one hard block of real full, solid stainless steel.

> Amazing time of Christmas holidays is coming soon - make your choice with Prestige and you will find presents for everyone by only few clicks. We can guarantee that you will be surprised by our prices and variety of luxury goods.

***********
"The Panerai watches are first class! I am amazed at the detail. They have the same weight, feel, and look of the originals which cost anywhere from $5000 - $25,000. I look forward to ordering more! Your company provides outstanding customer service, and speedy order delivery! Keep up the great work! I will definitely recommend you to friends, colleagues, and associates..."

                     Alexis Calloway
***********

CLICK HERE --->>> http://crotr.ru

------------------------
--------------
------
15% DISCOUNT FOR EVERY $250 OR MORE ORDER!!!

Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in gdm (Ubuntu Lucid):
status: Fix Committed → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.