Bug 1174366 - Automount of ~/Private does not work after upgrading from F20 to F21
Summary: Automount of ~/Private does not work after upgrading from F20 to F21
Alias: None
Product: Fedora
Classification: Fedora
Component: gdm
Version: 21
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Ray Strode [halfline]
QA Contact: Fedora Extras Quality Assurance
Depends On: 1183090
TreeView+ depends on / blocked
Reported: 2014-12-15 18:02 UTC by Piergiorgio Sartor
Modified: 2015-12-02 07:49 UTC (History)
11 users (show)

Fixed In Version: gdm-3.14.1-2.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-01-17 23:58:20 UTC
Type: Bug

Attachments (Terms of Use)

Description Piergiorgio Sartor 2014-12-15 18:02:26 UTC
Description of problem:
This is similar to #1165578 and #1174278, only that, in this case SELinux is disabled.

 ~]# selinuxenabled || echo disabled

Basically, login from GDM results in ~/Private not mounted, while login from console (after ctrl-alt-F2) result in ~/Private mounted.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Upgrade from F20 to F21 having the ecryptfs setup working properly, i.e. automounting ~/Private on login (this required authconfig configuration).
SELinux must be disabled.
Login from GDM

Actual results:
Login succeed, but ~/Private is not mounted.

Expected results:
~/Private should be mounted, after login.

Additional info:
This bug is filed as requested, since in the other mentioned one SELinux is either enabled or in permissive mode, while here is fully disabled.

Comment 1 Michal Hlavinka 2014-12-17 15:19:43 UTC
GDM owner:

Short version:
New GDM in Fedora 21 changed content of PAM configuration which broke things, please add it back.

Long version:
A long time ago, pam added postlogin pam config, which was designed to be the place where other services can add their hooks if they need to do something during auhtentication or session creation. Before it, it was ugly mess, as services had to add their hooks to too many places and it often broke a thing or two. With postlogin, everyone can decide where exactly it can call postlogin, where it is safe a won't affect the logic. This (postlogin) is used for example for ecryptfs-utils for automatic home or Private folder decryption. It makes sure that it gets automatically decrypted when user authenticates and new session is created. GDM in Fedora 21 removed postlogin and home directory does not decrypt for user when he logs in.

Comment 2 Dominik Grafenhofer 2014-12-17 19:01:47 UTC
I guess that there is already enough information on this. Just to be sure, I add my experience as well:

Login via GDM (I am using Gnome) fails for me. Instead of logging in, I get back to the GDM login screen. It seems that GDM does not decrypt my home directory. Login via the console works. Logging in first via the console, staying logged in there and then logging in via GDM works too.

Logfiles: see (original) bug #1165578

Comment 3 Stefan Hellermann 2015-01-13 17:05:40 UTC
I reverted this commit
by adding the relevant lines back to the files /etc/pam.d/gdm-* and now ecryptfs-mount-private is run automatically on login. Can this commit be reverted?

Comment 4 Ray Strode [halfline] 2015-01-14 14:19:22 UTC
I don't think postlogin is the best place for putting pam_ecryptfs, since if I revert the patch mentioned in comment 3, then postlogin will run for smartcard and fingerprint logins too (where there's no password available).  imo, it would be better if authconfig used roughly the same logic it uses for pam_mkhomedir for pam_ecryptfs.

I could add postlogin back, but then we need to revisit the last login messages situation.

Comment 5 Piergiorgio Sartor 2015-01-14 18:51:14 UTC
Hi Ray,

IMHO, if the problem is only the 'ugly "Last Login" messages', then I would say your suggestion is fine. Revert the change quickly, and let's think in the light of day to a proper solution.

I rather prefer an "ugly message" to a system not properly working...

Thanks a lot,



Comment 6 Michal Hlavinka 2015-01-15 15:59:27 UTC
Postlogin was added there because of ecryptfs, but it should be general place for other modules that need some place where they can add themself safely. It does not matter that in some cases (fingerprint) there will be no password available. It's been that way always and it can handle it well.

Comment 7 drago01 2015-01-16 15:04:41 UTC
(In reply to Piergiorgio Sartor from comment #5)
> Hi Ray,
> IMHO, if the problem is only the 'ugly "Last Login" messages', then I would
> say your suggestion is fine. Revert the change quickly, and let's think in
> the light of day to a proper solution.
> I rather prefer an "ugly message" to a system not properly working...

Its not about the message being ugly but that the delay the login process to show a pointless message 99.99% of the user do not even care about.

Comment 8 Fedora Update System 2015-01-16 15:49:46 UTC
gdm-3.14.1-2.fc21 has been submitted as an update for Fedora 21.

Comment 9 Ray Strode [halfline] 2015-01-16 15:50:31 UTC
tmraz any chance you could disable the message for f21?

Comment 10 Tomas Mraz 2015-01-16 16:20:08 UTC
I can modify authconfig to change the parameters but it will not affect the existing installs (or installs from DVDs/livecds) unless you rerun authconfig.

Comment 11 Fedora Update System 2015-01-17 05:49:10 UTC
Package gdm-3.14.1-2.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing gdm-3.14.1-2.fc21'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 12 Dominik Grafenhofer 2015-01-17 08:43:04 UTC
gdm-3.14.1-2.fc21 works for me!

Comment 13 Fedora Update System 2015-01-17 23:58:20 UTC
gdm-3.14.1-2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.