"Houdini" cronjobs and files on eCryptfs

Asked by Armin Kunaschik on 2010-12-07

I'm running vanilla ecrypt-fs of Ubuntu 10.10 and encrypted the whole home directory of the user "user".
The encrypted home is generated with "ecryptfs-migrate-home -u user". No additional configuration.
The ecryptfs mount looks like this:
/home/user/.Private on /home/user type ecryptfs ....

I have a script inside the encrypted home called /home/user/garbage.sh containing the following line:
/bin/date >>/home/user/garbage.out

Now I'm creating a cronjob with the following crontab entry:
0-59 * * * * /home/user/garbage.sh

The cronjob runs as expected when I'm logged in.
I log out and the ecryptfs mount disappears as expected.
"ls -l ~user" as root lists no garbage.* files.
Now I would expect that cron would fail to locate the script after I log out.
But this is not the case. The cronjob continues to run and is writing the timestamp every minute.
If I log in again, I find the timestamp correctly written into the encrypted file. How is this possible?

Logging out again as user "user".
Now when I terminate cron (service cron stop), the cronjob is not executed anymore... this is expected.
I'd expect (again) that cron does not find the script when I re-start cron shortly after its termination.
But now (at least to me) the unexplainable happens:
1. The cronjob continues to be executed.
2. The script continues to write timestamps into the encrypted file.

Logging in again as user "user" verifies: The timestamps were written to the file when user "user" was not logged in
and ecryptfs was not mounted.

Could anybody explain this trick to me?
It looks like a bug to me, but I want to make sure it's not a feature...
Thanks in advance!

Question information

Language: English
Status: Answered
For: eCryptfs
Assignee: No assignee
Last query: 2011-01-21
Last reply: 2011-01-21

Launchpad Janitor (janitor) said : #1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

Is this normal behavior??? Anybody?
That would mean that the encryption does NOT EXIST for everybody with root privileges... after the user logged in once!?
This looks to me as if it would be a big security hole... or it's a poor default setup. This should at least be documented somewhere.

Launchpad Janitor (janitor) said : #3

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

I still need an answer...

Serge Hallyn (serge-hallyn) said : #5

When you log out, your home directory is not being unmounted. This may well be a known bug, and you might ask on oftc#ecryptfs about that. However I think that sounds like a bug. Please feel free to convert this question to a bug against ecryptfs-utils. Assign it to me and I will investigate further.

Bug #706078 created.
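
A check for the condition described in the answer above (the encrypted home staying mounted after logout), as an added example that is not part of the original thread or of ecryptfs-utils: it lists eCryptfs mounts on /home/<name> whose owner has no login session. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag eCryptfs home mounts that outlive the owner's login session.
# While such a mount exists, the cleartext view of the home directory is
# available to root and to any process still running as that user (cron jobs).

# Constructed sample in /proc/mounts format:
#   source  mountpoint  fstype  options  dump  pass
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/home/user/.Private /home/user ecryptfs rw,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/home/alice/.Private /home/alice ecryptfs rw,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
}

# Space-separated list of users that currently have a login session.
logged_in_users() {
    who | awk '{ print $1 }' | sort -u | tr '\n' ' '
}

# stale_ecryptfs_mounts MOUNTS_FILE "user1 user2 ..."
# Prints "<user> <mountpoint>" for every ecryptfs mount on /home/<user>
# whose <user> is not in the given list. MOUNTS_FILE may be "-" for stdin.
stale_ecryptfs_mounts() {
    awk -v active=" $2 " '
        $3 == "ecryptfs" {
            n = split($2, part, "/")
            # Only consider mount points of the exact form /home/<user>.
            if (n == 3 && part[1] == "" && part[2] == "home" && part[3] != "") {
                if (index(active, " " part[3] " ") == 0)
                    print part[3], $2
            }
        }' "$1"
}

# Demo on the constructed sample: alice is logged in, "user" is not.
sample_mounts | stale_ecryptfs_mounts - "alice"

# On a live system (run as root or any user that can read /proc/mounts):
#   stale_ecryptfs_mounts /proc/mounts "$(logged_in_users)"
```

Any line of output means the cleartext view of that home directory is still mounted although its owner has no login session, which is the state in which the cron job above keeps working.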
