Package: ecryptfs-utils
Version: 111-5
Severity: important

Dear Maintainer,

0) Use ecryptfs-setup-private to set up a Private directory in a user account.

1) After a fresh boot, the first login authenticated with the password to that user account (either via gdm3, via console, or via ssh) increments the mount count in /dev/shm/ecryptfs-$USER-private by 2 instead of 1, and logging out will only decrement it by 1. Currently I handle it by manually executing
   $ ecryptfs-umount-private
(to decrement the mount count by 1) before logout; otherwise it will leave the Private directory accessible after logout.

2) After this, all subsequent logins with password (either via gdm3, via console, or via ssh) will only increment the mount count by 1. (Besides, logins without password, such as via ssh authenticated with a public key, will not increment the mount count. Accessing Private in such a situation should be done by manually executing
   $ ecryptfs-mount-private
and providing the password, and the mount count will be decremented by one when logging out from this session.)

3) No matter how many logins without password precede it, during which manually mounting Private may or may not occur, only "the first login with password" increments the mount count by 2.

I suspect this issue appears because "session optional pam_ecryptfs.so unwrap" is present both in /etc/pam.d/common-session-noninteractive and in /etc/pam.d/common-session. The former acts on the first login (via "systemd --user"), while the latter acts on every interactive login. If the password is available when they act, the mount count will increment by 1 each time.

Further inspection shows that "systemd --user" is launched by the first login, either with or without password, and continues to run after logout, but in "the first login with password", the process tree with "systemd --user" as its root launched by the first login without password will be replaced with a new launch of "systemd --user", which will never be replaced any more during all subsequent logins.

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (900, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=zh_CN.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ecryptfs-utils depends on:
ii  gettext-base    0.19.8.1-10
ii  keyutils        1.6.1-2
ii  libc6           2.31-2
ii  libecryptfs1    111-5
ii  libgpgme11      1.13.1-9
ii  libkeyutils1    1.6.1-2
ii  libpam-runtime  1.3.1-5
ii  libpam0g        1.3.1-5
ii  libtspi1        0.3.14+fixed1-1+b1

ecryptfs-utils recommends no packages.

Versions of packages ecryptfs-utils suggests:
ii  cryptsetup  2:2.3.3-1+b1
ii  rsync       3.2.2-2

-- no debconf information
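
Added example, not part of the original report or of ecryptfs-utils: a shell check for the condition the reporter suspects, listing which files in a PAM configuration directory carry an active session line for pam_ecryptfs.so. The function names and the sample directory are constructed for illustration; on a real system the directory to pass is /etc/pam.d.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical, not from ecryptfs-utils.

# Print the name of every file in DIR ($1) that has an active (uncommented)
# "session" line loading pam_ecryptfs.so. Only direct lines are examined;
# @include directives are not followed.
ecryptfs_session_files() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*session[[:space:]].*pam_ecryptfs\.so' "$f"; then
            basename "$f"
        fi
    done
}

# Number of such files. More than one means several session stacks can each
# invoke the module for the same user, which is the situation the report
# suspects behind the double increment of the mount count.
ecryptfs_session_count() {
    ecryptfs_session_files "$1" | wc -l | tr -d '[:space:]'
}

# Constructed sample directory mirroring the two files named in the report,
# plus one file where the line is commented out. Prints the directory path.
make_sample_pam_dir() {
    d=$(mktemp -d) || return 1
    printf 'session\toptional\tpam_ecryptfs.so unwrap\n' > "$d/common-session"
    printf 'session\toptional\tpam_ecryptfs.so unwrap\n' > "$d/common-session-noninteractive"
    printf '# session optional pam_ecryptfs.so unwrap\n' > "$d/other"
    echo "$d"
}

# Demonstration on the constructed sample (replace with /etc/pam.d to audit a host).
sample=$(make_sample_pam_dir)
echo "Session stacks loading pam_ecryptfs.so:"
ecryptfs_session_files "$sample"
echo "Count: $(ecryptfs_session_count "$sample")"
rm -rf "$sample"
```

Comparing the count with the value read from /dev/shm/ecryptfs-$USER-private before and after the first password login shows whether the two stacks line up with the extra increment.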