Bug#765854: ecryptfs-utils: Private directory not automatically unmounted anymore on logout

Sun Jan 8 19:57:53 GMT 2017

On Sun, Jan 08, 2017 at 08:25:01PM +0100, László Böszörményi (GCS) wrote:
> On Sun, Jan 8, 2017 at 7:13 PM, Julian Andres Klode <jak at debian.org> wrote:
> > Two points:
> >
> > (1) Seems you install to lib/systemd/system - but the service would have to be
> >     in lib/systemd/user to work (it's a user service)
>  Michael is right, it's /usr/lib/systemd/user/ and package is updated
> accordingly.
> 
> > (2) We found out on IRC later yesterday that the cause for this is that
> >     pam_ecryptfs is in common-auth and common-session. The systemd
> >     --user instance runs with the systemd-user pam configuration, which
> >     only includes common-account and common-session-noninteractive
> >
> > So while my workaround definitely works a more correct solution might
> > be to adjust the pam config and add ecryptfs to common-session-noninteractive
> > as well?
>  How did you check? On my system before the installation:
> # grep -r pam_ecryptfs /etc/pam.d/
> [no result]
> 
> When I install -4 (not changed the pam config):
> # grep -r pam_ecryptfs /etc/pam.d/
> /etc/pam.d/common-auth:auth    optional    pam_ecryptfs.so unwrap
> /etc/pam.d/common-session-noninteractive:session    optional
> pam_ecryptfs.so unwrap
> /etc/pam.d/common-session:session    optional    pam_ecryptfs.so unwrap
> /etc/pam.d/common-password:password    optional    pam_ecryptfs.so
> 
> It _is_ in common-auth, common-session{,-noninteractive} and
> common-password. May I miss something?

Ah no, sorry. I just looked manually at c-s-ni and missed
it. I wonder then why it does not unmount automatically when the
systemd-user pam session ends, but I don't know everything.

Might be worthwhile looking into this, although the .service
workaround worked fine for me for two years, so that's an
easy way to fix this now.

-- 
Debian Developer - deb.li/jak | jak-linux.org - free software dev
                  |  Ubuntu Core Developer |
When replying, only quote what is necessary, and write each reply
directly below the part(s) it pertains to ('inline').  Thank you.