http://bugzilla.opensuse.org/show_bug.cgi?id=1038454 Bug ID: 1038454 Summary: encrypted home directory is not unmounted when user logs out Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: x86-64 OS: openSUSE 42.2 Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: cfd_s12@web.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- On a multi-user system I created several user accounts with encrypted home directories by using the "User and Group Management" module in YaST. When user A (with encrypted home) logs out and user B with root access logs in, it is possible for user B to access the files in the home directory of user A. This is not supposed to happen. I also tried encrypting the home directories using eCryptfs and the problem persists. Therefore I assume it's not a YaST related bug. Steps to reproduce: 1) create a new user using YaST, encrypt the home directory 2) login as new user, create a text file 3) logout and login as root 4) try to access home directory of new user (which should be encrypted but is not) I've also attached a video. Expected behaviour: Root can't access files in other users encrypted home directory. -- You are receiving this mail because: You are on the CC list for the bug.