[Bug 996806] Re: sudoedit triggers pam_mount to enquire the password of the encrypted partition, trying to mount it and later to umount it.

aldebx aldebx at yahoo.fr
Wed May 30 14:58:16 UTC 2012


As reported by Stewart Prescott [1], this error is triggered when the
system invokes pam-mount twice, which means that pam-mount tries to
mount the volume twice as a result and the second time fails because the
mount point is not empty.

Currently, this seems to be a bug of the default packaging rather than
a user misconfiguration, since even resetting to default values via the
command

 pam-auth-update

does not fix the situation. In Ubuntu 12.04 pam-mount is referenced in 3
files:

common-auth
common-session
common-session-noninteractive

and given that /etc/pam.d/sudo calls
#%PAM-1.0
@include common-auth
@include common-account
@include common-session-noninteractive

therefore pam-mount is called twice (common-auth and
common-noninteractive)

By removing (commenting out) the reference to pam-mount in
"common-session-noninteractive" this error does not appear any more,
without compromising any feature on non-server machines.

By the way, in my case the exact same error referenced in this bug does
not appear only with sudoedit, but also with sudo itself updated to the
latest version 1.8.3p1-1ubuntu3.1

[1] http://nanonanonano.net/linux/debian/enchome

** Also affects: user-mounts
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/996806

Title:
  sudoedit triggers pam_mount to enquire the password of the encrypted
  partition, trying to mount it and later to umount it.

Status in User mounts:
  New
Status in “sudo” package in Ubuntu:
  In Progress

Bug description:
  I have sudo 1.8.3p1-1ubuntu3.1 from precise-proposed and I use
  pam_mount for mounting encrypted partitions at login. (LVM partitions,
  if that matters.)

  'sudoedit' command triggers pam_mount to enquire the password of the
  encrypted partition, trying to mount it and later to umount it.
  Mounting and umounting fails, because the encrypted partition is
  already mounted, unlocked and busy. The edited file is not changed
  rendering sudoedit useless.

  $ sudoedit test
  reenter password for pam_mount:
  pam_mount(mount.c:69): Messages from underlying mount program:
  pam_mount(mount.c:73): crypt_activate_by_passphrase: File exists
  pam_mount(pam_mount.c:521): mount of /dev/myvolumehere/mypartitionhere failed
  pam_mount(mount.c:69): umount messages:
  pam_mount(mount.c:73): umount: /mnt/mymountedpartition: device is busy.
  pam_mount(mount.c:73): (In some cases useful info about processes that use
  pam_mount(mount.c:73): the device is found by lsof(8) or fuser(1))
  pam_mount(mount.c:73): umount /mnt/mymountedpartition failed with run_sync status 1
  pam_mount(mount.c:73): umount: /mnt/mymountedpartition: device is busy.
  pam_mount(mount.c:73): (In some cases useful info about processes that use
  pam_mount(mount.c:73): the device is found by lsof(8) or fuser(1))
  pam_mount(mount.c:73): umount /mnt/mymountedpartition failed with run_sync status 1
  pam_mount(mount.c:752): unmount of /dev/myvolumehere/mypartitionhere failed

  If I edit the file "test", the tmp file "/var/tmp/test.XXN2W9z4" gets
  updated, but after exiting sudoedit, the actual file is not changed.
  The tmp file is removed after exiting.

  sudo (version 1.8.3p1-1ubuntu3.1) does not trigger this behavior, just sudoedit. If I clear the sudo timestamp:
  $ sudo -k
  $ sudoedit test
  [sudo] password for myusername: 
  pam_mount(mount.c:69): Messages from underlying mount program:
  [...the same errors...]

  If I downgrade to version sudo=1.8.3p1-1ubuntu3, the sudoedit fails
  similarly, but appended with the known bug 927828:

  shell:~$ sudoedit test
  reenter password for pam_mount:
  pam_mount(mount.c:69): Messages from underlying mount program:
  pam_mount(mount.c:73): crypt_activate_by_passphrase: File exists
  pam_mount(pam_mount.c:521): mount of /dev/myvolumehere/mypartitionhere failed
  sudoedit: pam_mount.c:417: modify_pm_count: Assertion `user != ((void *)0)' failed.
  Aborted
  shell:~$ ls test
  ls: cannot access test: No such file or directory

  So sudoedit was unusable also with the old version.

  The workaround is to edit files using "sudo vim (file)"

  $ lsb_release -rd
  Description:    Ubuntu 12.04 LTS
  Release:        12.04

  sudo:
    Installed: 1.8.3p1-1ubuntu3.1

  /$ cat /etc/pam.d/sudo
  #%PAM-1.0
  @include common-auth
  @include common-account
  @include common-session-noninteractive

  $ grep pam_mount /etc/pam.d/common-*
  /etc/pam.d/common-auth:auth     optional        pam_mount.so 
  /etc/pam.d/common-session:session       optional        pam_mount.so 
  /etc/pam.d/common-session-noninteractive:session        optional        pam_mount.so 

  Hence, pam_mount.so is in both common-auth and
  common-session-noninteractive. However, sudo does not have this
  problem, only sudoedit.

  File /etc/security/pam_mount.conf.xml:

  <?xml version="1.0" encoding="utf-8" ?>
  <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
  <pam_mount>
  <debug enable="0" />
  <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
  <mntoptions require="nosuid,nodev" />
  <logout wait="0" hup="0" term="0" kill="0" />
  <mkmountpoint enable="1" remove="true" />
  <volume user="myusername" fstype="crypt" path="/dev/myvolumehere/mypartitionhere" mountpoint="/mnt/mymountedpartition" />
  </pam_mount>

To manage notifications about this bug go to:
https://bugs.launchpad.net/user-mounts/+bug/996806/+subscriptions
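
Added example, not part of the original bug report and not code from sudo or pam_mount: a small Python check that follows the @include lines of a PAM service file and lists every place a given module is reached, which is how the double pam_mount call for sudo described above can be confirmed before and after the workaround. The file contents are a constructed sample (the sudo file and the pam_mount.so lines are those quoted in the report, the pam_unix.so lines are filler), and the function names are hypothetical.

```python
import re

# Constructed sample of /etc/pam.d. The sudo file and the pam_mount.so lines
# are the ones quoted in the report; the pam_unix.so lines are filler.
PAM_D = {
    "sudo": "#%PAM-1.0\n@include common-auth\n@include common-account\n"
            "@include common-session-noninteractive\n",
    "common-auth": "auth [success=1 default=ignore] pam_unix.so nullok_secure\n"
                   "auth optional pam_mount.so\n",
    "common-account": "account required pam_unix.so\n",
    "common-session-noninteractive": "session required pam_unix.so\n"
                                     "session optional pam_mount.so\n",
}

# type, control (single word or [bracketed list]), module path
RULE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def resolve(service, files, seen=()):
    """Yield (type, module, file) for every rule a service reaches."""
    if service in seen:                      # guard against include loops
        return
    for raw in files.get(service, "").splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and "#%PAM-1.0"
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "@include":
            yield from resolve(parts[1], files, seen + (service,))
            continue
        m = RULE.match(line)
        if m:
            kind, _control, module = m.groups()
            yield kind, module.rsplit("/", 1)[-1], service

def module_calls(service, files, module):
    """List (type, file) for each place `module` is reached by `service`."""
    return [(k, f) for k, m, f in resolve(service, files) if m == module]

def comment_out(files, name, module):
    """Copy of `files` with the rules for `module` in file `name` commented out."""
    lines = ["#" + l if module in l and not l.lstrip().startswith("#") else l
             for l in files[name].splitlines()]
    return {**files, name: "\n".join(lines) + "\n"}

if __name__ == "__main__":
    print(module_calls("sudo", PAM_D, "pam_mount.so"))
    fixed = comment_out(PAM_D, "common-session-noninteractive", "pam_mount.so")
    print(module_calls("sudo", fixed, "pam_mount.so"))
```

To run it against a real system, build the dictionary from the files under /etc/pam.d instead of the constructed sample.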



