ecryptfs team mailing list archive
Message #01873
[Bug 849136] Re: ecryptfs leaves unencrypted mount after logout
Hi Ian - Thanks for the report.
It is normal for the root user to be able to view the decrypted versions
of the files, as long as the mount is active. The main goal of eCryptfs
is to provide protection of your files when eCryptfs isn't mounted. A
determined root user is practically impossible to keep out while the
eCryptfs mount is active.
Now, to address the issue of the user's home not unmounting after log
out...
1) Does the file ~/.ecryptfs/auto-umount exist? If not, run
`touch ~/.ecryptfs/auto-umount` and see if that fixes it.
2) Is there a background process that is still running which has a file
opened in the home directory? You should be able to test this with the
lsof program. Log in, log out, then log back in as root, make sure that
the user's home directory is still mounted and, finally, run
`lsof /home/ian` (replacing ian with whatever your real username is).
https://bugs.launchpad.net/bugs/849136
Title:
ecryptfs leaves unencrypted mount after logout
Status in eCryptfs - Enterprise Cryptographic Filesystem:
New
Bug description:
If two users log in, one having an encrypted home dir, the second user
(being a sysadmin) is able to sudo and view the encrypted user's home
directory content. If the encrypted user then logs out, the other
user can still sudo to the previous user's home directory as the
unencrypted mount remains.
I would expect that the encrypted home would unmount when a user logs
off and a sudo to the encrypted user's home would show the unmounted
state like before the user logged in.
Although a sudo trusted user normally would be able to view all disk
content, I was hoping that this would keep the prying sysadmin out of
private data (local logins only allowed).
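
The two checks suggested in the reply above, combined into one script. This is an added example, not part of the original message or of the eCryptfs project; the function names and verdict strings are assumptions made for illustration.

```shell
#!/bin/sh
# Diagnose an eCryptfs home directory that stays mounted after logout.
# Assumes a mount table in /proc/mounts format, e.g.:
#   /home/.ecryptfs/ian/.Private /home/ian ecryptfs rw,nosuid,nodev 0 0
# Limitation: /proc/mounts escapes spaces in paths as \040; not handled here.

# ecryptfs_mounted MOUNTS_FILE HOME_DIR
# Succeeds if HOME_DIR is listed as an ecryptfs mount point in MOUNTS_FILE.
ecryptfs_mounted() {
    awk -v mp="$2" '$2 == mp && $3 == "ecryptfs" { found = 1 }
                    END { exit !found }' "$1"
}

# auto_umount_enabled HOME_DIR
# Succeeds if the flag file from step 1 of the reply exists.
auto_umount_enabled() {
    [ -e "$1/.ecryptfs/auto-umount" ]
}

# diagnose MOUNTS_FILE HOME_DIR
# Prints one verdict: unmounted, mounted:auto-umount-missing,
# or mounted:auto-umount-present.
diagnose() {
    if ! ecryptfs_mounted "$1" "$2"; then
        echo "unmounted"
    elif ! auto_umount_enabled "$2"; then
        echo "mounted:auto-umount-missing"
    else
        echo "mounted:auto-umount-present"
    fi
}

# report HOME_DIR
# Runs both checks against the live system. Run as root after the user
# has logged out, as described in step 2 of the reply.
report() {
    verdict=$(diagnose /proc/mounts "$1")
    echo "$1: $verdict"
    case "$verdict" in
        mounted:*)
            if command -v lsof >/dev/null 2>&1; then
                # lsof exits non-zero when it finds nothing to list.
                lsof "$1" || echo "lsof reported no open files on $1"
            else
                echo "lsof not installed; cannot list open files"
            fi ;;
    esac
}

# Only act when a home directory is given on the command line.
if [ -n "${1:-}" ]; then report "$1"; fi
```

Any process that lsof lists after logout is a candidate for what is keeping the decrypted mount in place.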