Hi,
On a workstation PC running Debian Trixie, I have configured pam-mount
so that it mounts some samba shares with user data at login. That is
working well for a single user. However, I noticed that after logging
out as a specific user A and then logging in as another user B, the
mounts from user A still exist (and vice versa). This is of course not
acceptable for several reasons (e.g. privacy, security).
I found some ancient bug reports [1] where pam was not able to use root
rights and therefore couldn't unmount the volumes. I am pretty sure that
this is not the case here, as the bug was fixed long ago and I don't see
this specific log entry on my system.
I found a bug in the Debian pam-mount package, where changing the
"logout"-line in /etc/security/pam_mount.conf.xml from <logout wait="0"
hup="0" term="0" kill="0" /> to <logout wait="2000" hup="0" term="1"
kill="1"/> solved a similar issue. I changed this config line, but
without a noticable effect.
What I noticed in the pam-mount logs was a line saying that "user A
seems to have other remaining open sessions". I then checked the session
tracker in /var/run/pam_mount/, and the numbers there don't seem to be
correct. After the first login of user A to a desktop, the value stored
in "/var/run/pam_mount/user A" is 0x1. After logging out, it is 0x2.
With each new login, the number is increased by 1 after login and by
1after logout. This doesn't seem to be right, I would expect the session
count to decrease after logging out.
My current assumption is that the unmount doesn't happen because
pam-mount erroneously thinks that the user is still logged in due to the
wrong session count. What could be causes for this wrong session count,
and how can it be corrected? Or could my initial problem (volumes not
unmounted after logout) be caused by something else?
If you need more specific information (e. g. logfiles or some of the
many pam configuration files), let me know.
Best regards,
Paul
[1] https://bugs.launchpad.net/ubuntu/+source/libpam-mount/+bug/117736
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666891
