Mailinglist Archive: opensuse-bugs (4251 mails)

< Previous Next >
[Bug 1038454] encrypted home directory is not unmounted when user logs out
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 11 May 2017 12:17:54 +0000
  • Message-id: <>

--- Comment #5 from P. Otato <cfd_s12@xxxxxx> ---
(In reply to Matthias Gerstner from comment #4)
(In reply to cfd_s12@xxxxxx from comment #3)

I'm pretty sure YaST does not use Ecryptfs.

You're right. YaST uses cryptconfig, LUKS based encrypted files, which are
loop-mounted via pam_mount into the home directory.

So if your home is not unmounted during logout then the problem probably is
the area of pam_mount. You are using Leap 42.2, right? I tried to reproduce
this on a test installation but was not successful. So there must be some
additional influence in your setup.

pam_mount keeps a session counter in /var/run/pam_mount/<user>. Only when
counter reaches zero, the unmount will be performed.

You can check out this value before login, while logged in an after being
logged out. You can also check the output of `journalctl -f` as root, while
doing login/logout. Maybe some warning or error message related to pam_mount
can be seen.

Also check whether your /etc/pam.d/xdm file contains this line:

session optional

Maybe you can attach this file to the bug, just in case some other session
modules influence your installation.

You can also check whether the unmounting works if done on a login text
console instead of the graphical login, because in this case a different PAM
configuration applies.

Thank you.
Thanks for your quick reply, I will test, log and respond again.

So far a got a quick update. I'm using openSUSE Leap 42.2 with Plasma 5. I
tried to reproduce the bug with an unpatched openSUSE Leap 42.2 GNOME as well
as with the current SLED 12 SP3 beta2. In both cases the behavior could NOT be
reproduced, so maybe it's a Plasma 5 or sddm related thing?

When I saw your line about editing /etc/pam.d/xdm, I remembered that there was
a Plasma related bug that prevented accessing encrypted home directories. A
workaround was to login in tty first and after that login using the display
manager (not sure if kdm or sddm) or to add some lines in /etc/pam.d/??? very
similar to yours. Sounds like this could be related. I will do some research
and respond back. Thank you very much so far!

You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >