[Bug 1053490] [NEW] sudo -n still asks for a password if the user has volumes that are pam_mount'ed on login

Jan 1053490 at bugs.launchpad.net
Thu Sep 20 15:53:07 UTC 2012 

Public bug reported:

what happens:

If a user has pam_mount configured to automatically mount fuse encfs-
encrypted volumes on login, and someone does a

sudo -n -u target_user foo

he/she still gets promted for the password because pam_mount has decided
it needs one to mount the volumes, effectively ignoring the -n option.
This makes it impossible to use in noninteractive scripts.


what should happen:

sudo -n should never ask for a password. pam_mount should not attempt to
mount encrypted volumes in this case.


steps to reproduce: 
- Create an encrypted fuse-encfs volume using encfs or the cryptkeeper gui frontend, use your login password as encryption password. 
- Add the following line to /etc/security/pam_mount.conf.xml:
<volume user="<username>" fstype="fuse" path="encfs#/home/<username>/.<encfs_mountpoint>_encfs" mountpoint="/home/<username>/<encfs_mountpoint>" />
- do "sudo -u <username> echo hello world" so sudo caches your authentication
- do "sudo -n -u username echo hello world"


system: 
Ubuntu 12.04
sudo  1.8.3p1-1ubuntu3.3
libpam-mount 2.10-2build1

** Affects: sudo (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1053490

Title:
  sudo -n still asks for a password if the user has volumes that are
  pam_mount'ed on login

Status in “sudo” package in Ubuntu:
  New

Bug description:
  what happens:

  If a user has pam_mount configured to automatically mount fuse encfs-
  encrypted volumes on login, and someone does a

  sudo -n -u target_user foo

  he/she still gets promted for the password because pam_mount has
  decided it needs one to mount the volumes, effectively ignoring the -n
  option. This makes it impossible to use in noninteractive scripts.

  
  what should happen:

  sudo -n should never ask for a password. pam_mount should not attempt
  to mount encrypted volumes in this case.

  
  steps to reproduce: 
  - Create an encrypted fuse-encfs volume using encfs or the cryptkeeper gui frontend, use your login password as encryption password. 
  - Add the following line to /etc/security/pam_mount.conf.xml:
  <volume user="<username>" fstype="fuse" path="encfs#/home/<username>/.<encfs_mountpoint>_encfs" mountpoint="/home/<username>/<encfs_mountpoint>" />
  - do "sudo -u <username> echo hello world" so sudo caches your authentication
  - do "sudo -n -u username echo hello world"

  
  system: 
  Ubuntu 12.04
  sudo  1.8.3p1-1ubuntu3.3
  libpam-mount 2.10-2build1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1053490/+subscriptions

More information about the foundations-bugs mailing list