Encrypted home and pam_mount

To: debian-user@lists.debian.org
Subject: Encrypted home and pam_mount
From: Andrey Dogadkin <adogadkin@outlook.com>
Date: Sat, 02 Mar 2024 22:46:22 +0300
Message-id: <[🔎] DB9P193MB164170B99E0C92675CD3F06BB85D2@DB9P193MB1641.EURP193.PROD.OUTLOOK.COM>

Hello,

I'm trying to set up a LUKS-encrypted user's home partition which would
be automounted when the user logs in.

I've installed libpam-mount and added the following line into
/etc/security/pam_mount.conf.xml:

<volume user="andrey" fstype="crypt" path="/dev/disk/by-partuuid/..."
mountpoint="~" />

Automounting works fine, but I'm having trouble with auto-unmounting
when I log out. The partition stays mounted and I can see "target is
busy" errors from umount in the journal.

If I edit logout entry inside pam_mount.conf.xml to look like this: 

<logout wait="10000000" hup="no" term="yes" kill="yes" />

I can see during the first 10sec period that my home dir is held by
pulseaudio and dbus-daemon. Then pam_mount terminates them successfully
with SIGTERM, waits another 10sec period, tries to kill whatever might
remain and successfully unmounts the directory. Interestingly,
pam_mount won't wait after sending the last signal, so having kill is
important for term to work well, otherwise there will still be a race.

So it seems to me that the pam_mount processing happens a bit early
during logout, before the system gets an opportunity to shutdown some
of the user processes. Is there anything I can change in my
configuration to let everything stop gracefully leaving the <logout ...
/> as a last resort option for pam_mount?

Reply to:

Follow-Ups:
- Re: Encrypted home and pam_mount
  - From: Max Nikulin <manikulin@gmail.com>

Prev by Date: Re: systemd-resolved resolving fails sometimes on Debian12
Next by Date: Re: systemd-resolved resolving fails sometimes on Debian12
Previous by thread: Re: Getting my PCMCIA Serial card to work
Next by thread: Re: Encrypted home and pam_mount
Index(es):
- Date
- Thread