#1 2015-03-06 14:16:53

Gerd093
Member
Registered: 2015-03-06
Posts: 12

ecryptfs does not unmount on logout

When encrypting a home folder using ecryptfs, the files are decrypted and mounted on login and should be unmounted on logout.
However, on my setup the files are still accessible to other users after the respective user has logged out.
According to the wiki page, the empty file auto-umount in ~/.ecryptfs should solve this issue; however, the file is present on my setup and it still does not work.

Can anyone tell me what might be up with this?
Thanks

#2 2015-03-06 19:07:05

myles
Member
Registered: 2011-10-06
Posts: 40

Re: ecryptfs does not unmount on logout

What does this show?

ls -l ~/.ecryptfs

#3 2015-03-07 12:42:00

Gerd093
Member
Registered: 2015-03-06
Posts: 12

Re: ecryptfs does not unmount on logout

lrwxrwxrwx 1 user user 30  4. Mar 15:21 /home/user/.ecryptfs -> /home/.ecryptfs/user/.ecryptfs

Last edited by Gerd093 (2015-03-07 12:42:08)

#4 2015-03-07 16:42:35

myles
Member
Registered: 2011-10-06
Posts: 40

Re: ecryptfs does not unmount on logout

Sorry, I didn't read your first post properly...
Anyway, have you set up pam properly as it says here: https://wiki.archlinux.org/index.php/EC … o-mounting ?

#5 2015-03-09 14:24:06

Gerd093
Member
Registered: 2015-03-06
Posts: 12

Re: ecryptfs does not unmount on logout

myles wrote:

Sorry, I didn't read your first post properly...
Anyway, have you set up pam properly as it says here: https://wiki.archlinux.org/index.php/EC … o-mounting ?


I did everything the wiki says.
The pam entries are all correctly set.

#6 2015-03-09 16:28:28

mora
Member
Registered: 2014-09-02
Posts: 1

Re: ecryptfs does not unmount on logout

Very same problem here. auto-umount file is in its place, setup is according to wiki page.

#7 2015-03-10 16:39:29

hwm
Member
From: Iserlohn, Germany
Registered: 2015-02-10
Posts: 22

Re: ecryptfs does not unmount on logout

I've had a similar problem that turned out to be a gpg-agent staying in the background after logoff (running KDE). I don't use the gpg-agent so uninstalling the kde-agent package fixed this.

gpg-agent is just one possibility, of course, so doing a "lsof -u (userid)" while logged on as root in text mode can lead you to the culprit.

#8 2015-04-28 18:26:45

krumelmonster
Member
Registered: 2015-04-27
Posts: 12

Re: ecryptfs does not unmount on logout

I have the feeling that umounting the encrypted home after the last logout should be ensured for security reasons.
Isn't it possible to automatically

fuser -km /home/USERNAME

just before the ecryptfs umount is attempted or something like that? That should also be a workaround for the systemd issues. Would that be possible and safe? Would it make sense for me to create a pam hook that does that? I would have to check /tmp/ecryptfs-USERNAME-Private to make sure ecryptfs would umount, is that correct? No such file exists here.
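
A check for the condition discussed in #7 and #8, as an added example that is not part of the thread: it reports eCryptfs home mounts whose owner no longer has a login session and, in live mode, lists that user's open files without killing anything. The function names, the /home/USERNAME layout and the sample mount table are assumptions made for the example.

```sh
#!/bin/sh
# Added example: find eCryptfs home mounts that outlived their owner's last logout.
# Assumption: encrypted homes are mounted at /home/USERNAME, so the last path
# component of the mount point is taken as the owner.

# Print mount points of type ecryptfs from a /proc/mounts-format file.
ecryptfs_mountpoints() {
    awk '$3 == "ecryptfs" { print $2 }' "$1"
}

# stale_ecryptfs_mounts MOUNTS_FILE "user1 user2 ..."
# Print "owner mountpoint" for every ecryptfs mount whose owner has no session.
stale_ecryptfs_mounts() {
    logged_in=" $2 "
    ecryptfs_mountpoints "$1" | while read -r mp; do
        owner=${mp##*/}
        case $logged_in in
            *" $owner "*) ;;                      # session open: mount expected
            *) printf '%s %s\n' "$owner" "$mp" ;; # no session: plaintext exposed
        esac
    done
}

# Constructed sample in /proc/mounts format (not taken from the thread).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime 0 0
/home/.ecryptfs/bob/.Private /home/bob ecryptfs rw,nosuid,nodev,relatime 0 0
EOF
}

if [ "${1:-}" = "--live" ]; then
    # Run as root from a text console after the user has logged out.
    users=$(who | awk '{ print $1 }' | sort -u | tr '\n' ' ')
    stale_ecryptfs_mounts /proc/mounts "$users" | while read -r owner mp; do
        echo "STALE: $mp is still mounted but $owner has no session"
        lsof -u "$owner"    # list only: shows what keeps the mount busy
    done
else
    tmp=$(mktemp) && sample_mounts > "$tmp"
    stale_ecryptfs_mounts "$tmp" "alice"      # prints: bob /home/bob
    rm -f "$tmp"
fi
```

Without arguments the script runs against the constructed sample; with `--live` it reads /proc/mounts and the output of `who`.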
