Ubuntu: Encrypted home folder still accessible after logout


I you have an account with an encrypted home folder, you can't access the user's plain text data in their home folder if that user hasn't logged in, yet, since the system last booted up. This is what I expected because it should in fact not be practically feasible to access a user's home folder without their password being entered.

However, I found that when a user with an encrypted home folder logs in and then logs out, the plain text data in their home folder still is accessible to other users. Sufficient access privileges are required, of course.

w doesn't list the user and the output of sudo pgrep -u <username> is empty, indicating that the user doesn't have any running processes.

What is the reason for this behavior? Why not just lock the user's home folder after they logged out?


Known bug

If I understand correctly, this is a known bug.

See this link: wiki.archlinux.org/index.php/ECryptfs

Scroll down to the pink paragraph

Warning: Unfortunately the automatic unmounting is susceptible to break with systemd and bugs are filed against it ...


As it is now, you had better shut down or reboot in order to remove the traces (It is not enough to log out).


I can't test or confirm this, but assuming that you are using ecryptfs (which is what Ubuntu offers during install, IIRC), the encrypted data is stored in a hidden folder /home/.encryptfs/$USER and mounted to your actual home folder's location using the ecryptfs driver when you log in.

Most likely, then, what is happening is that when you log out, it fails to automatically unmount that directory, so the files are still accessible. This could be caused by...

  • a bad config (perhaps it was supposed to be configured to unmount on logout but wasn't)
  • unexpected logout type (sometimes these solutions work for the DM login/out but don't work well otherwise)
  • if the unmounting is handled by a logout script (not necessarily the case), something preceding the unmount command could fail and cause the script to exit early.

One thing that can help you check this would be to run sudo mount | grep home before login, after login, and after logout to see if anything involving home is being mounted. You could also look in /etc/fstab for relevant entries. Finally, there is some config in /home/.ecryptfs/$USER/.ecryptfs/ with pertinent settings to automounting/unmounting.

Useful information about ecryptfs can be found in this answer and in the ever-helpful ArchWiki.


Edit /etc/systemd/logind.conf and set KillUserProcesses=yes

Note that this breaks background programs, screen, tmux, and similar...

This question here goes into it in more detail. I find defining a new systemd service unnecessary (or more accurately, not the desired behavior, as it's invoked as a shutdown hook, not when the user session terminates).


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »