Encrypted home folder still accessible after logout

Known bug

If I understand correctly, this is a known bug.

See this link: wiki.archlinux.org/index.php/ECryptfs

Scroll down to the pink paragraph

Warning: Unfortunately the automatic unmounting is susceptible to break with systemd and bugs are filed against it ...

Work-around

As it is now, you had better shut down or reboot in order to remove the traces (It is not enough to log out).


I have been researching this issue for quite some time, i.e., the unencrypted file system remains mounted after user logout.

I used "ecryptfs-migrate-home -u user" to create the mount, followed the directions, and all works except no auto-unmount at logout.

I compared the config files in /etc/pam.d/ to the pam_ecryptfs documentation and found some differences. ecryptfs was in 4 of the pam.d config files, whereas the pam_ecryptfs docs indicate just 2 files need/should/support ecryptfs, e.g.,

   /etc/pam.d/common-auth:
              auth    required        pam_ecryptfs.so unwrap
   /etc/pam.d/common-session:
              session optional        pam_ecryptfs.so unwrap

So, I commented out the other 2 instances, rebooted, and it all worked, auto-mounts at login and auto-unmounts on logout for both graphical and console logins. (I used alternate tty's to verify from root account)

This is on 18.04 Lubuntu on laptop, desktop and virtualbox guest (windows host).

I am interested in others experience.

edit_1: improved wording. edit_2: added desktop and VB test results.


I can't test or confirm this, but assuming that you are using ecryptfs (which is what Ubuntu offers during install, IIRC), the encrypted data is stored in a hidden folder /home/.ecryptfs/$USER and mounted to your actual home folder's location using the ecryptfs driver when you log in.

Most likely, then, what is happening is that when you log out, it fails to automatically unmount that directory, so the files are still accessible. This could be caused by...

  • a bad config (perhaps it was supposed to be configured to unmount on logout but wasn't)
  • unexpected logout type (sometimes these solutions work for the DM login/out but don't work well otherwise)
  • if the unmounting is handled by a logout script (not necessarily the case), something preceding the unmount command could fail and cause the script to exit early.

One thing that can help you check this would be to run sudo mount | grep home before login, after login, and after logout to see if anything involving home is being mounted. You could also look in /etc/fstab for relevant entries. Finally, there is some config in /home/.ecryptfs/$USER/.ecryptfs/ with pertinent settings to automounting/unmounting.

Useful information about ecryptfs can be found in this answer and in the ever-helpful ArchWiki.
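A scripted version of the two checks discussed in this thread, added here as an example and not taken from any of the answers above: it lists which pam.d files carry an active pam_ecryptfs.so line (the second answer expects only common-auth and common-session) and tests whether a home directory is still an ecryptfs mount, which is what "mount | grep home" would reveal after logout. The pam.d tree and mount table it runs against are constructed samples; on a real system you would pass /etc/pam.d, /proc/mounts and /home/$USER instead.

```shell
#!/bin/sh
# Added example, not code from the answers above. The sample inputs are
# constructed so the script runs offline; see the lead-in for real paths.

# Print the basenames of files in DIR that have an active (uncommented)
# pam_ecryptfs.so line. Commented-out lines are ignored.
pam_ecryptfs_files() {
    for f in "$1"/*; do
        if grep -q -E '^[[:space:]]*(auth|account|password|session)[[:space:]].*pam_ecryptfs\.so' "$f"; then
            basename "$f"
        fi
    done
}

# Return 0 if MOUNTS_FILE (in /proc/mounts format) lists an ecryptfs mount
# on HOME_DIR, 1 otherwise.
ecryptfs_still_mounted() {
    awk -v h="$2" '$2 == h && $3 == "ecryptfs" { found = 1 }
                   END { exit found ? 0 : 1 }' "$1"
}

# Constructed sample /etc/pam.d tree with one surplus ecryptfs entry
# (common-password) and one commented-out entry (common-account).
make_sample_pamd() {
    d=$(mktemp -d)
    printf 'auth    required    pam_ecryptfs.so unwrap\n' > "$d/common-auth"
    printf 'session optional    pam_ecryptfs.so unwrap\n' > "$d/common-session"
    printf 'password optional   pam_ecryptfs.so\n' > "$d/common-password"
    printf '# auth optional pam_ecryptfs.so\n' > "$d/common-account"
    echo "$d"
}

# Constructed /proc/mounts snapshot as it would look after a logout where
# auto-unmount did not happen for user "alice".
make_sample_mounts() {
    f=$(mktemp)
    printf '/dev/sda1 / ext4 rw 0 0\n' > "$f"
    printf '/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw 0 0\n' >> "$f"
    echo "$f"
}

pamd=$(make_sample_pamd)
echo "files with an active pam_ecryptfs.so line:"
pam_ecryptfs_files "$pamd"
mounts=$(make_sample_mounts)
if ecryptfs_still_mounted "$mounts" /home/alice; then
    echo "/home/alice is still an ecryptfs mount: auto-unmount did not happen"
fi
rm -rf "$pamd" "$mounts"
```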