
I am a relatively new GNU/Linux user and currently use Xubuntu 14.04 LTS. I have my main user and I have also enabled the root account (but have not used it, and the root password is set up).

I am interested in ecryptfs and read lots of articles including these:

I decided to perform several tests on VM. I guess what I found must be some bug. I would appreciate your comments.

Tested:

  • Ubuntu GNOME 15
  • Lubuntu 15
  • Xubuntu 14 LTS

How I test:

  • Installation - default with option to encrypt Home folder during installation
  • I enable the root account and create a password (How to enable root login?)

What happens on all of them: I shut down the machine. Start it. If I first log in with root, root cannot see my user's HOME folder/files; they are encrypted.

  • However, what happens on Ubuntu and Lubuntu 15:

    If I log in to my user, check files, then log off fully, and eventually log in with root, root can see my user's files. This should be fine if I understand the articles above correctly? Or no? If the user's account is logged off, should root still be able to read the files of other users?

  • What happens on Xubuntu 14 LTS:

    If I log in to my user, then log off, and eventually log in with root, root CANNOT read my user's home dir/files. No matter how I try it, root first or user first, if the user is logged off, root cannot read the files of my user.

So, what is really the expected behaviour? Any bugs?

I really appreciate everyone's opinion and expert words. Thank you!

Popssy

1 Answer

I think your testing results for Xubuntu are the expected/desired behaviour; while a user is logged in (mounting/decrypting their home folder) then root can also see their files. Otherwise, when a user's logged out their files are supposed to remain encrypted/unmounted.

Why that's not happening... I doubt it's a disk cache keeping the files visible after they've been unmounted. Or maybe eCryptFS isn't configured to properly unmount when logging out.

Does sound like an Ubuntu/Lubuntu 15 bug. Finding a quick/easy way to repeat it on a fresh install on a VM should be very helpful to the bugfixers. There may already be an existing bug report about it, I didn't search, but here's the Ubuntu help page on "good & detailed bug reports".

Xen2050
  • No problem. I investigated which keys were added to the user/root keyring with keyctl show (different with sudo) and not removing a key after unmounting is a possibility, but that wouldn't decrypt the files on its own. Just leaving the encrypted home mounted is what it sounds like, I don't remember offhand but I think there's a way for root to see if any eCryptFS's are mounted by other users. – Xen2050 Jul 01 '15 at 10:57
  • Thanks again for following up on this. I find this important (especially if it turns out to be a bug). I followed your initial suggestion and filed bug report in launchpad, so far no news. – Popssy Jul 03 '15 at 20:07
  • Hi again, I've been distro hopping recently (in the past days) with different Ubuntu derivatives and performing tests. Actually, I don't like the pure Ubuntu but now this is the one I have installed and is on the machine now. So, I think this bug I report above might be related to this one: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1449555 ? – Popssy Jul 14 '15 at 05:39
  • I started with Ubuntu, but derivatives like Linux Mint or CrunchBang (when it was active) are more ++. Trying out a new iso is pretty easy, so no problem trying a bunch of different distros. Strange how that bug's got an encrypted home (with eCryptFS I think) related to the cryptsetup's encrypted swap, maybe configuration problems? – Xen2050 Jul 19 '15 at 03:21
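
The symptom discussed in this thread (an encrypted home that stays mounted after its owner logs out) can be checked from the mount table. The script below is an added example, not part of the original question, answer or comments; the `/home/<user>` mount-point layout, the function names and the sample mount lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag eCryptfs mounts whose owner has no login session.
# Assumption: the mount point is /home/<user>, as with the installer's
# "encrypt Home folder" option; the user is taken from the path's last component.

# stale_ecryptfs_mounts MOUNTS_FILE "user1 user2 ..."
# Prints "user mountpoint" for each eCryptfs mount whose user is not in the list.
stale_ecryptfs_mounts() {
    local mounts_file=$1 logged_in=" $2 "
    local src mnt fstype rest user
    while read -r src mnt fstype rest; do
        [ "$fstype" = "ecryptfs" ] || continue   # only eCryptfs entries matter
        user=${mnt##*/}
        case "$logged_in" in
            *" $user "*) ;;                      # session still open: mount is expected
            *) printf '%s %s\n' "$user" "$mnt" ;;  # decrypted view outlived the session
        esac
    done < "$mounts_file"
}

# check_live: run the same check against the running system (as root).
check_live() {
    stale_ecryptfs_mounts /proc/mounts \
        "$(who | awk '{print $1}' | sort -u | tr '\n' ' ')"
}

# Constructed sample in /proc/mounts format: alice and bob both have a
# mounted encrypted home, but only bob is still logged in.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/home/.ecryptfs/bob/.Private /home/bob ecryptfs rw,nosuid,nodev,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF

stale_ecryptfs_mounts "$SAMPLE" "bob"
```

Any line printed by `check_live` after a user has fully logged off means that user's home is still mounted in decrypted form and readable by root, which is the behaviour reported above for Ubuntu and Lubuntu 15.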