http://bugzilla.opensuse.org/show_bug.cgi?id=1087749

Bug ID: 1087749
Summary: pam_mount with LUKS encrypted /home partition unwarily umounts /home at logout
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: i686
OS: openSUSE 42.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening@forge.provo.novell.com
Reporter: ChG@posteo.de
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

LUKS-encrypted /home partition gets un-mounted at logout of any user, even when there are still other users logged in, effectively kicking them out. The /home partition (common to all users) as a whole is encrypted - for collaboration reasons, we don't use individual /home/<user> containers separately encrypted.

Details:

The /home partition is a LUKS device on /dev/sda4, with passwords of several users in the LUKS device's key slots. Concurrent login of several users works, but logging out any one of them kicks all others out, due to /home being forcibly umount'ed.

This is unacceptable for a workstation used by several users - even root is affected when its login shell happens to have 'cd'ed into any of the /home subdirectories. Furthermore, it renders the "Switch User" function of the (KDE) login screen useless: user A logs in, leaves the desktop and his screen locks up, user B "switches user" to himself, does his work and logs out again - user A is kicked off the system, losing all unsaved work.

How the volume was created and users were added:

  # cryptsetup --verify-passphrase --use-random --header-backup-file=/root/home.LUKS luksFormat /dev/sda4
  # cryptsetup --verify-password luksAddKey /dev/sda4

In /etc/security/pam_mount.conf.xml, the following options are set:

  <logout wait="2000" hup="no" term="yes" kill="yes" />

Changing this does not help, as pam_mount uses the "ofl" tool from the "hxtools" package to TERMinate or KILL processes still using /home/user.
According to "man ofl", it can NOT differentiate between processes of different users, effectively killing ALL processes still having anything open in /home.
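
Added example (not part of the original report, and not code from pam_mount or hxtools): a diagnostic that groups the processes holding a mount point by owning UID, so an administrator can see which other users' sessions a logout-time kill on /home would hit. The function names, the /proc-walking approach, the plain path-prefix match (not a mount-table lookup) and the sample process table are assumptions made for illustration.

```python
import os
import tempfile

def holders_by_uid(mountpoint, proc_root="/proc"):
    """Map UID -> PIDs whose cwd, root or an open fd path lies under mountpoint."""
    mp = mountpoint.rstrip("/") or "/"
    result = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        links = [os.path.join(base, "cwd"), os.path.join(base, "root")]
        try:
            links += [os.path.join(base, "fd", f) for f in os.listdir(os.path.join(base, "fd"))]
        except OSError:
            pass  # process exited, or fd directory not readable without root
        targets = []
        for link in links:
            try:
                targets.append(os.readlink(link))
            except OSError:
                continue
        if not any(t == mp or t.startswith(mp.rstrip("/") + "/") for t in targets):
            continue
        try:
            with open(os.path.join(base, "status")) as fh:
                uid = next(int(line.split()[1]) for line in fh if line.startswith("Uid:"))
        except (OSError, StopIteration):
            continue
        result.setdefault(uid, []).append(int(pid))
    return {uid: sorted(pids) for uid, pids in result.items()}

def bystanders(holders, logout_uid):
    """Holders of the mount that do NOT belong to the user logging out."""
    return {u: p for u, p in holders.items() if u != logout_uid}

def build_sample_proc(root):
    """Constructed stand-in for /proc; rows are (pid, uid, cwd, open file)."""
    sample = [(100, 1000, "/home/alice", "/dev/null"), (200, 1001, "/tmp", "/home/bob/notes.txt"),
              (300, 0, "/home/alice/src", "/dev/null"), (400, 1001, "/tmp", "/dev/null")]
    for pid, uid, cwd, fd in sample:
        base = os.path.join(root, str(pid))
        os.makedirs(os.path.join(base, "fd"))
        os.symlink(cwd, os.path.join(base, "cwd"))
        os.symlink(fd, os.path.join(base, "fd", "3"))
        with open(os.path.join(base, "status"), "w") as fh:
            fh.write(f"Name:\tsample\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_proc(tmp)
        print(bystanders(holders_by_uid("/home", tmp), logout_uid=1000))
```

Against the real /proc, run it as root so other users' cwd and fd links are readable; in the constructed sample, UID 1000 logging out leaves UID 1001 and a root shell sitting in /home/alice/src as bystanders.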