You are not logged in.
When encrypting a home folder using ecryptfs the files are decrypted and mounted on login und should be unmounted on logout.
However on my setup the files are still accessable to other users aufter the respected user logged out.
According to the wiki page the empty file auto-umount in ~.ecryptfs should solve this issue, however the file is present on my setup and still it does not work.
Can anyone tell me what might be up with this?
Thanks
Offline
what does this show?:
ls -l ~/.ecryptfsOffline
lrwxrwxrwx 1 user user 30 4. Mar 15:21 /home/user/.ecryptfs -> /home/.ecryptfs/user/.ecryptfs
Last edited by Gerd093 (2015-03-07 12:42:08)
Offline
Sorry, I didn't read your first post properly...
Anyway, have you set up pam properly as it says here: https://wiki.archlinux.org/index.php/EC … o-mounting ?
Offline
Sorry, I didn't read your first post properly...
Anyway, have you set up pam properly as it says here: https://wiki.archlinux.org/index.php/EC … o-mounting ?
I did everything the wiki says.
The pam entries are all correctly set
Offline
Very same problem here. auto-umount file is in its place, setup is according to wiki page.
Offline
I've had a similar problem that turned out to be a gpg-agent staying in the background after logoff (running KDE). I don't use the gpg-agent so uninstalling the kde-agent package fixed this.
gpg-agent is just one possibility, of course, so doing a "lsof -u (userid)" while logged on as root in text mode can lead you to the culprit.
Offline
I have the feeling that umounting the encrypted home after the last logout should be ensured for security reasons.
Isn't it possible to automatically
fuser -km /home/USERNAMEjust before the ecryptfs umount is attempted or something like that? That should also be a workaround for the systemd issues. Would that be possible and safe? Would it make sense for me to create a pam hook that does that? I would have to check /tmp/ecryptfs-USERNAME-Private to make sure ecryptfs would umount, is that correct? No such file exists here.
Offline