Ubuntu Security :: Ecryptfs: Keyring Not Cleared On Logout?
Jan 17, 2010
On a fresh karmic install, I have a user account with ecryptfs enabled home directory. I want that directory to be secured when I log out.
I have two administrator accounts, user1 and user2. I log in as user1 (with ssh, will test regular logins tomorrow), /home/user1/.Private gets mounted to /home/user1, everything is fine. I log out.
I log in as user2, and /home/user1/.Private is indeed unmounted. But I can do
Code:
sudo su - user1
which will ask me for the password of user2, and then I am logged in as user1, /home/user1/.Private is again mounted, without ever typing the password of user1.
On the other hand if I invoke
Code:
ecryptfs-umount-private
I am running Red Hat Enterprise Linux AS release 4 (Nahant Update 7). The server was recently rebooted and wouldn't come up. After some investigation we found that the system would not boot because several files had been zero'd out (not deleted):
* All of these files had a date of March 11, 2010 with a time 03:46
* A zero byte file called /halt was also found with a date of 08:46
We could manually boot to the latest kernel, but none of the startup scripts would run. We analyzed the system looking for any files created on March 11 that were also 0 bytes. Once we had a list, we were able to determine that the system could be recovered without a full blown reinstallation of the OS.
We did a rescue boot from the installation CD, mounted the system volume privately, and edited the grub.conf file. We then brought up the network and copied the needed files from another RHEL v4.7 system. Rebooted the server and checked the OS, databases, and apps.
My question is - Has anyone seen this behavior before? It seems like we may have been cracked or at the very least someone has cleared the files needed to recover the system smoothly.
I used ecryptfs on a Private directory. It has about 5GB of data, but no matter what I do I can't free space in there. I have tried to delete some GBs to no avail. System monitor still shows me 5GB.
After a disastrous upgrade to 10.04 I am at my wits end trying to recover my /home partition from my unbootable system. The /home partition is part of a RAID5 array across 4 disks and I've been trying to use some disk imaging tools from Ultimate Boot CD to recover it with, but none of the utilities seem to recognize or will let me work with my multi-disk device.
Currently I've been booting up with a Live CD in attempts to mount the encrypted partition then copy all the files to an external device I bought, but the mounting process has presented me with some problems. The partition is encrypted with ecryptfs and I have both the disk's passphrase as well as an FNEK signature to work with. Attempting the following:
Code:
Another small issue is the cipher I used. I don't remember which kind of encryption the disk is encrypted with (80% sure it's aes though). I assume figuring out which cipher I used will be more like a guessing game through the ecryptfs mount prompt, but I'm wondering if this would affect the error message I get.
I'm getting "Low Disk Space" warnings in Ubuntu 10.04, because of eCryptfs, which somehow manages to eat up twice as much disk space as an unencrypted partition normally would. When I click "Examine" this is the picture that I see: (the blurred out part is my username of course) Why is this happening? And most importantly, what can I do about it? Does Ubuntu expect me to buy twice as much disk space just to encrypt it?!
if it's possible to use a white or blacklist to control which folders are ecryptfs encrypted when you're using the "encrypted home folder" option.
Of course I can always create an extra folder outside of my ~ and then symlink what I don't want encrypted into it, but I'd rather that it's possible to create like, ~/.ecryptsfs/excludelist with a list of paths that shouldn't be encrypted.
I recently installed 32bit maverick and wanted to make it login automatically. I tried enabling auto login from Admin > Login but that didn't work and I was still prompted for my password. Then I went to Users & Groups and changed the password option to Do Not ask for password at login. Now after I reboot, the user list is shown (only 1 user) and it doesn't ask for password after I click on my username.
However, then it gives a few errors (as I vaguely recall):
1. cannot load .ICE directory in my home directory
2. some error 256 about a gconf-sanity-2 file
3. nautilus cannot load my home directory etc
and then it gets stuck without loading anything (blank wallpaper). I've tried navigating to my home directory using Alt F2, gksudo nautilus and my home dir contents are encrypted by the ecryptfs (there is a readme.txt file and a shortcut). I have tried to decrypt but it doesn't work... I've also tried to start/stop gdm, and startx but nothing works. If I stop gdm, then the prompt doesn't recognize my password and keeps on rejecting the commands I enter... I think this has something to do with the home dir not being decrypted due to the don't ask for password option... How can I disable the don't ask for password option without the GUI (I can access my / by booting through an external USB)?
It seems to me that the passwords kept in GNU Keyring Seahorse are not kept very safe, because if I'm logged in and someone accesses my computer they can see my passwords that are saved there. I have set a keyring password, but it seems that it is not locked all the time. What are some general guidelines to make sure my passwords and the encryption keys that I use are kept safe?
Every time I log in, I get the "password for keyring default" question two or three times, unless I enter it immediately as it pops up, sometimes even that doesn't prevent it from respawning. What could be causing this? I'm using Maverick.
P.S. Hmm, I don't think I'll be watching the lunar eclipse much now, the sky is covered with smoke, maybe it's lunar apocalypse.
I think this counts as a security question. I didn't know where else to place this. It's really preventing me from doing some things, such as setting up the Empathy IM program for chatting and whatnot, and this default keyring is really halting any progress I can make on that front. It also pops up when I'm just booting up the laptop. My brother set the password and then forgot, so he tried all of these passwords and it would never work. It always pops back up several moments later and reiterates its question. It goes away when I click on 'Deny', but now I can't follow that same route when trying to set Empathy IM Client up. I would like to either do away with this password requirement, or just change it to something I can easily remember
I just reinstalled Ubuntu lucid after accidentally damaging it, and I used all the same passwords and user names as before. I can login fine, and I can do sudo commands, but the gnome keyring won't accept my password. I tried changing my password using Applications>accessories>Passwords and encryption but that didn't work. How can I fix this so that keyring will accept my password? I need it to save my wireless router password.
For a while now, firefox has been prompting gnome-keyring (twice)
There is one applet I know of on my system that wants me to enter my keyring pw twice, "CPU Frequency Scaling Monitor" (I have a core2-duo cpu, a monitor for each cpu), but I have no clue why ff would be invoking a change in how Ubuntu controls that app.
Is there any way of finding out which application (or perhaps an add-on?) is actually asking for my keyring-pw (the input window just says "an application..." not like e.g. "synaptic package manager...")?
Is there a way to identify exactly what application is asking for keyring access at the given time? I get this query every boot and it's getting annoying. The annoyance is there, but more importantly and from a personal security standpoint on desktop systems, it's pretty bad that it doesn't say what application wants the access.
I have Ubuntu 10.04 configured to login with Kerberos (as in [url]). Everything works fine, except gnome-keyring-daemon:
-If I login with a local user, gnome-keyring-daemon works right. Besides, the keyring is automatically unlocked with the login password.
-If I login with a Kerberos user:
- The session startup is considerably slower.
- /var/log/auth.log says something like:
Code:
- If I execute a program that needs the gnome-keyring (like Evolution), it is desperately slow, and it says:
Code:
Message: secret service operation failed: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
- If I kill all gnome-keyring-daemon (killall gnome-keyring-daemon), start a new one (gnome-keyring-daemon), and restart the application that uses the gnome-keyring, it works fine, but it asks me for the password to unlock the keyring (I think that this is the normal behaviour if gnome-keyring-daemon did not start before).
I have seen the configurations in /etc/pam.d and everything looks fine (with pam_gnome_keyring.so). Indeed, I think that if something was wrong here, the local user would not have the keyring unlocked automatically.
I would like to use a wireless network, I type in the correct password but suddenly a new window pops up saying: 'an application wants to access to the keyring 'Vorgabe', but its is locked password:'
But I don't know what password it's talking about. I went to Password and Encryption keys, and there are two folders: 'password: vorgabe' and 'Password: login'.
When I installed Ubuntu (Lucid) on my new computer, as well as the login password I was asked for a keyring password. I gave one, but I am not sure exactly why I need this password. It seems that it was required to let me access the wifi - even though this has its own security code. I found I could stop the system asking for it every time I tried to connect to the internet using wifi by checking a button in the network setup, but when I registered for Ubuntu One, I was again asked for it - twice, once when I registered and again when I set up Tomboy notes sync. Now I get asked for it again every time I switch on.
I would like to know why the keyring passwords are needed in addition to the login password for a single user computer, which mine is and also how I can stop it asking for this password when I switch the computer on. One suggestion I have seen is to make the keyring password the same as my login password. If that is the case, then how do I change the keyring password?
I have a problem where I am asked to unlock the keyring every time I use Evolution. I enter my password on the user select screen and login and have evolution save my email password but whenever I open the program it asks for the same password as I use to login. For security reasons I need to have my password requested at login but don't feel I need it for evolution as I thought my email password was enough.
A few minutes ago I was using google chrome when suddenly the scroll-lock indicator on my keyboard turned on... I pressed the scroll-lock key, but nothing happened, the light remained. I opened a terminal and ran "top" to find what processes were running when I was automatically logged out. I logged back and checked the logs and found the following entries in my auth.log:
Code:
CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0)
CRON[2971]: pam_unix(cron:session): session closed for user root
I have a standard home set-up for my Ubuntu OS, and I would like to know whether it's possible to cut out the repetitive prompts to enter the password, as when you connect to the internet or access files on a partition that's not home, or install new software.
I just changed my password. Now every time I start my computer the keyring wants my old password and it keeps doing weird things even after I type it in. Like Ubuntu will say No keyring found or something to that effect anyway.
It's been a while since I've been on here. I suppose that can be considered a good thing, since I made the complete transfer to Ubuntu three months ago and everything's been running completely smoothly. Anyway, security is a pretty big thing to me. I usually change the root password, take sudo off (and default gksu, not gksudo), encrypt my hard drives, etc... One thing I also do is create a separate password for my login keyring. I don't mind having to enter one extra password at login, but it started prompting two times, and now three. It's the same password every time, so my question is..
After installing Ubuntu 10.10 on my PC I had it running fine for roughly 2 weeks. I have selected automatic login so I do not need to mess about logging in etc, but recently my PC asks for my password to unlock keyring once it shows my desktop.
Following bad instructions too fast to reset the default keyring password I deleted the file .gnome2/login.keyring ! I can still login and get to a terminal and do instructions from there. I can also still login with root and a guest account. But my desktop is just blank and I can't, even as a root, access my files.
As a normal user I have activated the functions of the Quit applet, i.e. Logout, Shutdown and Restart are active buttons. I am able to restart or shutdown, no problems. But when I use the Logout button I don't get logged out, just returned to the login shell & I am still logged in as my user. I don't have a display manager installed and I do NOT want to use a display manager such as XDM or GDM. How do I get the Logout button to actually logout the user? It appears I am only getting logged out of the x-session, but I want complete logout.
When I quit Ubuntu Forums, I get: vBulletin Message: All cookies cleared! When I restart, I have to log in again. Where do I fix it, so that cookies are not cleared on logout? (I'm using Win2K and FireFox 3.6.3) FireFox Privacy: Clear History when FireFox closes. Accept cookies from Third Party is checked.
I installed 11.04 server and had samba share /tmp (as advised by the server pdf doc) shared to my Windows 7 laptop, which was all well and good, so I copied some files to it and rebooted the server, and they had been removed. I guess I shouldn't have put anything in /tmp as I presume this is cleared on reboot, so why did the documentation advise to create a /tmp share?
We are having an issue with our application where once we start making a few hundred connections to our Linux server, our connections are staying in the established state. When our app is working fine, the client sends basically a heartbeat every five minutes. It is all nice and clean, receives the FIN and shuts down and that's that. tcpdump as follows:
Code:
12:53:10.965206 IP serverA.xxx.xxx.com.40315 > serverB.xxx.xxx.com.1234: . ack 2 win 46 <nop,nop,timestamp 3299017001 2043788445>
12:58:10.892878 IP serverA.xxx.xxx.com.40322 > serverB.xxx.xxx.com.1234: S 494392992:494392992(0) win 5840 <mss 1460,sackOK,timestamp 3299316941 0,nop,wscale 7>
12:58:10.894882 IP serverA.xxx.xxx.com.40322 > serverB.xxx.xxx.com.1234: . ack 3318963465 win 46 <nop,nop,timestamp 3299316941 2044088355>
12:58:10.894886 IP serverA.xxx.xxx.com.40322 > serverB.xxx.xxx.com.1234: P 0:78(78) ack 1 win 46 <nop,nop,timestamp 3299316941 2044088355>
.....
Then things start getting busy, and it ends up looking like this:
Code:
01:28:10.493760 IP serverA.xxx.xxx.com.41132 > serverB.xxx.xxx.com.1234: S 774853781:774853781(0) win 5840 <mss 1460,sackOK,timestamp 3344315513 0,nop,wscale 7>
01:28:13.491231 IP serverA.xxx.xxx.com.41132 > serverB.xxx.xxx.com.1234: S 774853781:774853781(0) win 5840 <mss 1460,sackOK,timestamp 3344318513 0,nop,wscale 7>
01:28:13.491755 IP serverA.xxx.xxx.com.41132 > serverB.xxx.xxx.com.1234: . ack 3597595480 win 46 <nop,nop,timestamp 3344318513 2089089105>
....
What could be the cause if the fin was received at 01:28:13.492743, but hours later this connection is still established:
gateway 16514 root 111u IPv4 2714750 TCP serverB.xxx.xxx.com:1234->serverA.xxx.xxx.com:41132 (Established)
There is no corresponding connection in the client's netstat.
I use full encryption on this net-book, with the help of LUKS. One key part of the setup is to configure /etc/sysconfig/bootloader with the initial boot options (along the lines of
Code: root=/dev/mapper/root luks_root=/dev/sda5 luks_home=/dev/sda5 luks_swap=/dev/sda2 luks="root home swap" ). That way a kernel update is installed properly, usually...
Every time I try to vnc to my box, it pops up the keyring authentication, which is obviously a huge problem when logging in remotely. How do I change my keyring password to match my login password?
I always get this prompt in Ubuntu and the option to auto login is grayed out so I can't choose it. It's not a serious issue but does anybody know how to unlock it when I sign in on Ubuntu 11.4?