#106 Limiting access to group or a list of users is broken

pam_mount
open
pam_mount (94)
5
2012-09-07
2012-09-07
Anonymous
No

Hello,

I have an encrypted drive with VirtualBox disk images and I want to share it amongst all users using VirtualBox on my computer. To do that, I added the following entry in the pam_mount.conf.xml:

<volume sgrp="vboxusers" path="/dev/sdb3" />

When the first user, `zaq', logs in via kdm, everything works as expected. The mount command shows:

/dev/mapper/_dev_sdb3 on /srv/virtualbox type xfs (rw,noatime)
/dev/sdb3 on /srv/virtualbox type crypt (rw,noatime)

and the pam_mount counter for `zaq' is 0x1:

zaq@cumulonimbus ~ $ cat /var/run/pam_mount/zaq
0x1

When I log in using another account, `chmurka', either from a text console or by issuing the su command, everything also appears to be alright:

zaq@cumulonimbus ~ $ su chmurka
Password:
ehd_logctl: feature 1 is already zero
(pam_mount.c:365): pam_mount 2.13: entering auth stage
(pam_mount.c:554): pam_mount 2.13: entering session stage
(misc.c:39): Session open: (ruid/rgid=1000/100, e=0/100)
(mount.c:263): Mount info: globalconf, user=chmurka <volume fstype="auto" server="(null)" path="/dev/sdb3" mountpoint="/srv/virtualbox" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="noauto,noatime" /> fstab=1 ssh=0
(mount.c:616): /dev/sdb3 already seems to be mounted at /srv/virtualbox, skipping
command: 'pmvarrun' '-u' 'chmurka' '-o' '1'
(misc.c:39): set_myuid<pre>: (ruid/rgid=1000/100, e=0/100)
(misc.c:39): set_myuid<post>: (ruid/rgid=0/100, e=0/100)
(pmvarrun.c:254): parsed count value 0
(pam_mount.c:441): pmvarrun says login count is 1
(pam_mount.c:646): done opening session (ret=0)

But when I log out:

chmurka@cumulonimbus /home/zaq $ exit
exit
(pam_mount.c:692): received order to close things
(misc.c:39): Session close: (ruid/rgid=1000/100, e=0/100)
command: 'pmvarrun' '-u' 'chmurka' '-o' '-1'
(misc.c:39): set_myuid<pre>: (ruid/rgid=1000/100, e=0/100)
(misc.c:39): set_myuid<post>: (ruid/rgid=0/100, e=0/100)
(pmvarrun.c:254): parsed count value 1
(pam_mount.c:441): pmvarrun says login count is 0
(mount.c:869): going to unmount
(mount.c:263): Mount info: globalconf, user=chmurka <volume fstype="auto" server="(null)" path="/dev/sdb3" mountpoint="/srv/virtualbox" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="noauto,noatime" /> fstab=1 ssh=0
command: 'ofl' '-k0' '/srv/virtualbox'
HXproc_run_async: ofl: No such file or directory
command: 'umount' '/srv/virtualbox'
(misc.c:39): set_myuid<pre>: (ruid/rgid=1000/100, e=0/100)
(misc.c:39): set_myuid<post>: (ruid/rgid=0/100, e=0/100)
(pam_mount.c:729): pam_mount execution complete
(pam_mount.c:116): Clean global config (0)
(pam_mount.c:133): clean system authtok=0x99b8c0 (0)

The drive unmounts even though user zaq is still logged in.

The same behaviour occurs when using the Extended user control and directly specifying user names, i.e.:

<volume user="zaq" path="/dev/sdb3"><and><user>chmurka</user></and></volume>
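
The unmount decision visible in the logs above, replayed as an added example that is not part of the original report and is not pam_mount's own code: the session close acts on the closing user's counter alone, so a volume shared through sgrp is unmounted while another member still has a session. Only the counter file format (`0x1`) and the unmount-at-zero step come from the log; the function names, the `entitled_users` list and the `close_shared` alternative are hypothetical.

```python
import os
import tempfile

def read_count(run_dir, user):
    """Return the login count stored for `user`; a missing file counts as 0."""
    try:
        with open(os.path.join(run_dir, user)) as fh:
            return int(fh.read().strip(), 16)  # file holds e.g. "0x1"
    except FileNotFoundError:
        return 0

def adjust_count(run_dir, user, delta):
    """Model of `pmvarrun -u USER -o DELTA`: apply delta, store, return new count."""
    count = max(0, read_count(run_dir, user) + delta)
    with open(os.path.join(run_dir, user), "w") as fh:
        fh.write(hex(count) + "\n")
    return count

def close_per_user(run_dir, user):
    """Decision seen in the log: unmount as soon as this user's count is 0."""
    return adjust_count(run_dir, user, -1) == 0

def close_shared(run_dir, user, entitled_users):
    """Hypothetical alternative: unmount only when no entitled user has a session."""
    adjust_count(run_dir, user, -1)
    return sum(read_count(run_dir, u) for u in entitled_users) == 0

def replay(close_fn, also_logout_zaq=False):
    """Replay the report: zaq logs in, chmurka logs in and out.

    Returns True if the final session close would unmount the volume.
    """
    with tempfile.TemporaryDirectory() as run_dir:  # stands in for /var/run/pam_mount
        adjust_count(run_dir, "zaq", +1)
        adjust_count(run_dir, "chmurka", +1)
        unmount = close_fn(run_dir, "chmurka")
        if also_logout_zaq:
            unmount = close_fn(run_dir, "zaq")
        return unmount

MEMBERS = ["zaq", "chmurka"]  # constructed membership of vboxusers

def shared(run_dir, user):
    return close_shared(run_dir, user, MEMBERS)

if __name__ == "__main__":
    print("per-user counter unmounts while zaq is logged in:", replay(close_per_user))
    print("aggregate counter unmounts while zaq is logged in:", replay(shared))
```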
