Package: libpam-mount
Version: 2.20-3+b2
Severity: important
Dear Maintainer,
On a workstation PC running Debian Trixie, I have configured pam-mount so that
it mounts some samba shares with user data at login. That is working well for a
single user. However, I noticed that after logging out as a specific user A and
then logging in as another user B, the mounts from user A still exist (and vice
versa). This is of course not acceptable for several reasons (e.g. privacy,
security).
I found some ancient bug reports [1] where pam was not able to use root rights
and therefore couldn't unmount the volumes. I am pretty sure that this is not
the case here, as the bug was fixed long ago and I don't see this specific log
entry on my system.
I found several bugs in the Debian pam-mount package describing unmount not
happening, but with other symptoms. In one of the reports, changing the
"logout" line in /etc/security/pam_mount.conf.xml from
    <logout wait="0" hup="0" term="0" kill="0" />
to
    <logout wait="2000" hup="0" term="1" kill="1"/>
solved a similar issue. I changed this config line, but without a noticeable
effect.
What I noticed in the pam-mount logs while digging deeper was a line saying that "user A seems
to have other remaining open sessions". I then checked the session tracker in
/var/run/pam_mount/, and the numbers there don't seem to be correct. After the first login of user
A to a desktop, the value stored in "/var/run/pam_mount/user A" is 0x1. After logging
out, it is 0x2. With each new login, the number is increased by 1 after login and by 1 after logout.
With help from the Debian user mailing list, I executed
    strace -f -s 10000 -e execve -p $(pidof login | tr ' ' ,) -o /tmp/strace_login
before login and logout. It gives the following output:
For login:
    9414 execve("/usr/sbin/pmvarrun", ["/usr/sbin/pmvarrun", "-u", "xxx"], 0x55ec223822c0 /* 11 vars */) = 0
For logout:
    9483 execve("/usr/sbin/pmvarrun", ["/usr/sbin/pmvarrun", "-u", "xxx"], 0x55ec223822c0 /* 17 vars */) = 0
The results indicate that instead of decreasing the count at logout using
arguments '-o' '-1', the count is increased by the default value. Thus, the
session counter never reaches 0 and this prevents unmount.
If more information is needed, I will assist if I can.
Best regards,
Paul
-- System Information:
Debian Release: 13.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.12.73+deb13-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libpam-mount depends on:
ii libc6 2.41-12+deb13u1
ii libcryptsetup12 2:2.7.5-2
ii libhx32t64 4.26-1
ii libmount1 2.41-5
ii libpam-runtime 1.7.0-5
ii libpam0g 1.7.0-5
ii libpcre2-8-0 10.46-1~deb13u1
ii libssl3t64 3.5.4-1~deb13u2
ii libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2
Versions of packages libpam-mount recommends:
ii libpam-mount-bin 2.20-3+b2
Versions of packages libpam-mount suggests:
ii cifs-utils 2:7.4-1
pn davfs2 <none>
ii fuse3 [fuse] 3.17.2-3
ii hxtools 20231224-2+b2
ii lsof 4.99.4+dfsg-2
ii openssl 3.5.4-1~deb13u2
ii psmisc 23.7-2
ii sshfs 3.7.3-1.1+b2
pn xfsprogs <none>
-- Configuration Files:
/etc/security/pam_mount.conf.xml changed [not included]
-- no debconf information
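
Added example (not part of the original report and not pam_mount's own code): a small Python replay of the per-user session counter from an strace execve log like the one quoted above, to show which users end with a non-zero count and therefore keep their mounts. The function names are hypothetical; the +1 default for a call without '-o' and the starting value of 0 are assumptions taken from the behaviour described in the report.

```python
import re

# Constructed sample modelled on the two strace lines in the report (user "xxx").
SAMPLE = '''\
9414 execve("/usr/sbin/pmvarrun", ["/usr/sbin/pmvarrun", "-u", "xxx"], 0x55ec223822c0 /* 11 vars */) = 0
9483 execve("/usr/sbin/pmvarrun", ["/usr/sbin/pmvarrun", "-u", "xxx"], 0x55ec223822c0 /* 17 vars */) = 0
'''

# pid, executed path and the argv list of one execve record written by strace -f -o
EXECVE = re.compile(r'^(\d+)\s+execve\("([^"]*)",\s*\[(.*?)\]')
DEFAULT_DELTA = 1  # assumption from the report: a call without -o adds 1


def pmvarrun_calls(strace_text):
    """Yield (pid, user, delta) for every pmvarrun execve in the log."""
    for line in strace_text.splitlines():
        m = EXECVE.match(line)
        if not m or not m.group(2).endswith("/pmvarrun"):
            continue
        argv = re.findall(r'"((?:[^"\\]|\\.)*)"', m.group(3))
        user, delta = None, DEFAULT_DELTA
        # Walk adjacent argv pairs to pick up "-u <user>" and "-o <number>".
        for flag, value in zip(argv[1:], argv[2:]):
            if flag == "-u":
                user = value
            elif flag == "-o":
                delta = int(value)
        yield int(m.group(1)), user, delta


def replay(strace_text):
    """Return {user: [counter value after each call]}, starting from 0."""
    history = {}
    for _pid, user, delta in pmvarrun_calls(strace_text):
        trail = history.setdefault(user, [])
        trail.append((trail[-1] if trail else 0) + delta)
    return history


def stuck_users(strace_text):
    """Users whose final counter is not 0, so the logout does not unmount."""
    return sorted(u for u, trail in replay(strace_text).items() if trail[-1] != 0)


if __name__ == "__main__":
    print(replay(SAMPLE), stuck_users(SAMPLE))
```

Run against the real /tmp/strace_login, the same functions show whether any logout call carries '-o' '-1'; the strace output must be unwrapped, one execve record per line.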