
I am trying to mount both NFS and CIFS shares on Linux (Ubuntu and Red Hat) via pam_mount. This is the volume I have in my /etc/security/pam_mount.conf.xml:

```
<volume
    fstype="nfs"
    server="10.49.0.86"
    path="/data"
    mountpoint="/mnt"
/>
```

When I ssh to either of the distributions (Ubuntu or Red Hat), I am able to mount the remote share.

But when I exit from the ssh session, the remote share is not getting unmounted on Red Hat based systems. It is getting unmounted on Ubuntu 22.04 as expected.

But unmount works fine in a sudo session on Red Hat too.

I have tried on Rocky8, RHEL8 and Oracle8; the same behavior is seen.

Here I am pasting the journalctl logs during ssh logout on both the RHEL8 and Ubuntu22 boxes; it can be clearly seen that the pam_mount module is not being called on RHEL8 during ssh logout.

Ubuntu22
========

Jul 26 13:01:04 adc-client02 sshd[139499]: Received disconnect from 10.49.0.181 port 52366:11: disconnected by user

Jul 26 13:01:04 adc-client02 sshd[139499]: Disconnected from user yogilocal 10.49.0.181 port 52366

Jul 26 13:01:04 adc-client02 sshd[139422]: pam_unix(sshd:session): session closed for user yogilocal

Jul 26 13:01:04 adc-client02 sshd[139422]: (pam_mount.c:706): received order to close things

Jul 26 13:01:04 adc-client02 sshd[139422]: command: 'pmvarrun' '-u' 'yogilocal' '-o' '-1'

Jul 26 13:01:04 adc-client02 sshd[139422]: (pam_mount.c:441): pmvarrun says login count is 0

Jul 26 13:01:04 adc-client02 sshd[139422]: (mount.c:880): going to unmount

Jul 26 13:01:04 adc-client02 sshd[139422]: (mount.c:246): Mount info: globalconf, user=yogilocal <volume fstype="nfs" server="10.49.0.86" path="/data" mountpoint="/mnt" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0

Jul 26 13:01:04 adc-client02 sshd[139422]: command: 'ofl' '-k0' '/mnt'

Jul 26 13:01:04 adc-client02 sshd[139422]: command: 'umount' '/mnt'

Jul 26 13:01:04 adc-client02 systemd[1]: mnt.mount: Deactivated successfully.

Jul 26 13:01:04 adc-client02 sshd[139422]: (pam_mount.c:743): pam_mount execution complete

Jul 26 13:01:04 adc-client02 sshd[139422]: (pam_mount.c:116): Clean global config (0)

Jul 26 13:01:04 adc-client02 sshd[139422]: (pam_mount.c:133): clean system authtok=0x559a9531de20 (0)

Jul 26 13:01:04 adc-client02 systemd[1]: session-507.scope: Deactivated successfully.

Jul 26 13:01:04 adc-client02 systemd-logind[838]: Session 507 logged out. Waiting for processes to exit.

Jul 26 13:01:04 adc-client02 systemd-logind[838]: Removed session 507.

Jul 26 13:01:14 adc-client02 systemd[1]: Stopping User Manager for UID 1102...

Jul 26 13:01:14 adc-client02 systemd[139436]: Stopped target Main User Target.

Jul 26 13:01:14 adc-client02 systemd[139436]: Stopped target Basic System.

Jul 26 13:01:14 adc-client02 systemd[139436]: Stopped target Paths.

Jul 26 13:01:14 adc-client02 systemd[139436]: Stopped target Sockets.

Jul 26 13:01:14 adc-client02 systemd[139436]: Stopped target Timers.

Jul 26 13:01:14 adc-client02 systemd[139436]: Closed D-Bus User Message Bus Socket.

Jul 26 13:01:14 adc-client02 systemd[139436]: Closed GnuPG network certificate management daemon.

Jul 26 13:01:14 adc-client02 systemd[139436]: Closed GnuPG cryptographic agent and passphrase cache (access for web browsers).

Jul 26 13:01:14 adc-client02 systemd[139436]: Closed GnuPG cryptographic agent and passphrase cache (restricted).

Jul 26 13:01:14 adc-client02 systemd[139436]: Closed GnuPG cryptographic agent (ssh-agent emulation).

Jul 26 13:01:14 adc-client02 systemd[139436]: Closed GnuPG cryptographic agent and passphrase cache.

Jul 26 13:01:14 adc-client02 systemd[139436]: Closed debconf communication socket.

Jul 26 13:01:14 adc-client02 systemd[139436]: Closed REST API socket for snapd user session agent.

Jul 26 13:01:14 adc-client02 systemd[139436]: Removed slice User Application Slice.

Jul 26 13:01:14 adc-client02 systemd[139436]: Reached target Shutdown.

Jul 26 13:01:14 adc-client02 systemd[139436]: Finished Exit the Session.

Jul 26 13:01:14 adc-client02 systemd[139436]: Reached target Exit the Session.

Jul 26 13:01:14 adc-client02 systemd[1]: user@1102.service: Deactivated successfully.

Jul 26 13:01:14 adc-client02 systemd[1]: Stopped User Manager for UID 1102.

Jul 26 13:01:14 adc-client02 systemd[1]: Stopping User Runtime Directory /run/user/1102...

Jul 26 13:01:14 adc-client02 systemd[1]: run-user-1102.mount: Deactivated successfully.

Jul 26 13:01:14 adc-client02 systemd[1]: user-runtime-dir@1102.service: Deactivated successfully.

Jul 26 13:01:14 adc-client02 systemd[1]: Stopped User Runtime Directory /run/user/1102.

Jul 26 13:01:14 adc-client02 systemd[1]: Removed slice User Slice of UID 1102.

RHEL8
=====

Jul 26 13:03:05 adm-00000387 sshd[29036]: Received disconnect from 10.49.73.44 port 44052:11: disconnected by user

Jul 26 13:03:05 adm-00000387 sshd[29036]: Disconnected from user yogilocal 10.49.73.44 port 44052

Jul 26 13:03:05 adm-00000387 sshd[29006]: pam_unix(sshd:session): session closed for user yogilocal

Jul 26 13:03:05 adm-00000387 systemd[1]: session-46.scope: Succeeded.

Jul 26 13:03:05 adm-00000387 systemd-logind[871]: Session 46 logged out. Waiting for processes to exit.

Jul 26 13:03:05 adm-00000387 systemd-logind[871]: Removed session 46.

Jul 26 13:03:15 adm-00000387 systemd[1]: Stopping User Manager for UID 1101...

Jul 26 13:03:15 adm-00000387 systemd[29010]: Stopped target Default.

Jul 26 13:03:15 adm-00000387 systemd[29010]: Stopped target Basic System.

Jul 26 13:03:15 adm-00000387 systemd[29010]: Stopped target Timers.

Jul 26 13:03:15 adm-00000387 systemd[29010]: Stopped Mark boot as successful after the user session has run 2 minutes.

Jul 26 13:03:15 adm-00000387 systemd[29010]: Stopped target Sockets.

Jul 26 13:03:15 adm-00000387 systemd[29010]: Stopped target Paths.

Jul 26 13:03:15 adm-00000387 systemd[29010]: Closed D-Bus User Message Bus Socket.

Jul 26 13:03:15 adm-00000387 systemd[29010]: Reached target Shutdown.

Jul 26 13:03:15 adm-00000387 systemd[29010]: Started Exit the Session.

Jul 26 13:03:15 adm-00000387 systemd[29010]: Reached target Exit the Session.

Jul 26 13:03:15 adm-00000387 systemd[1]: user@1101.service: Succeeded.

Jul 26 13:03:15 adm-00000387 systemd[1]: Stopped User Manager for UID 1101.

Jul 26 13:03:15 adm-00000387 systemd[1]: Stopping User runtime directory /run/user/1101...

Jul 26 13:03:15 adm-00000387 systemd[1]: run-user-1101.mount: Succeeded.

Jul 26 13:03:15 adm-00000387 systemd[1]: user-runtime-dir@1101.service: Succeeded.

Jul 26 13:03:15 adm-00000387 systemd[1]: Stopped User runtime directory /run/user/1101.

Jul 26 13:03:15 adm-00000387 systemd[1]: Removed slice User Slice of UID 1101.

sudo logs from Red Hat:
=======================

```
[root@adm-00000387 ~]# sudo su - yogilocal
[yogilocal@adm-00000387 ~]$mount
---
10.49.0.86:/data on /mnt type nfs4 (rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.49.73.44,local_lock=none,addr=10.49.0.86)
[yogilocal@adm-00000387 ~]$exit
```

**Journalctl logs**

Jul 26 13:07:31 adm-00000387 su[29348]: pam_unix(su-l:session): session closed for user yogilocal

Jul 26 13:07:31 adm-00000387 su[29348]: (pam_mount.c:706): received order to close things

Jul 26 13:07:31 adm-00000387 su[29348]: command: 'pmvarrun' '-u' 'yogilocal' '-o' '-1'

Jul 26 13:07:31 adm-00000387 su[29348]: (pam_mount.c:441): pmvarrun says login count is 0

Jul 26 13:07:31 adm-00000387 su[29348]: (mount.c:885): going to unmount

Jul 26 13:07:31 adm-00000387 su[29348]: (mount.c:263): Mount info: globalconf, user=yogilocal <volume fstype="nfs" server="10.49.0.86" path="/data" mountpoint="/mnt" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0

Jul 26 13:07:31 adm-00000387 su[29348]: command: 'ofl' '-k0' '/mnt'

Jul 26 13:07:31 adm-00000387 su[29348]: command: 'umount' '/mnt'

Jul 26 13:07:31 adm-00000387 systemd[1]: mnt.mount: Succeeded.

Jul 26 13:07:31 adm-00000387 su[29348]: (pam_mount.c:743): pam_mount execution complete

Jul 26 13:07:31 adm-00000387 su[29348]: (pam_mount.c:116): Clean global config (0)

Jul 26 13:07:31 adm-00000387 sudo[29329]: pam_unix(sudo:session): session closed for user root

Jul 26 13:07:31 adm-00000387 sudo[29329]: (pam_mount.c:706): received order to close things

Jul 26 13:07:31 adm-00000387 sudo[29329]: command: 'pmvarrun' '-u' 'root' '-o' '-1'

Jul 26 13:07:31 adm-00000387 sudo[29329]: (pam_mount.c:441): pmvarrun says login count is 4

Jul 26 13:07:31 adm-00000387 sudo[29329]: (pam_mount.c:735): root seems to have other remaining open sessions

Jul 26 13:07:31 adm-00000387 sudo[29329]: (pam_mount.c:743): pam_mount execution complete

Jul 26 13:07:31 adm-00000387 sudo[29329]: (pam_mount.c:116): Clean global config (1073741824)

Any idea what could be the reason for shares not being unmounted during ssh logout on Red Hat based systems?
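
The comparison made by eye in the log excerpts above can be automated: for each process that logs a PAM session close, check whether the same process also logs pam_mount's close-session messages and an `umount` command. This is an added example, not part of the original post; the sample lines are constructed from the excerpts above and the function names are hypothetical.

```python
import re

# Constructed sample, trimmed from the two sshd logout excerpts in the post.
SAMPLE = """\
Jul 26 13:01:04 adc-client02 sshd[139422]: pam_unix(sshd:session): session closed for user yogilocal
Jul 26 13:01:04 adc-client02 sshd[139422]: (pam_mount.c:706): received order to close things
Jul 26 13:01:04 adc-client02 sshd[139422]: command: 'umount' '/mnt'
Jul 26 13:03:05 adm-00000387 sshd[29006]: pam_unix(sshd:session): session closed for user yogilocal
Jul 26 13:03:05 adm-00000387 systemd[1]: session-46.scope: Succeeded.
"""

# Classic syslog-style journal line: "Mon DD HH:MM:SS host proc[pid]: message"
LINE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+"
                  r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
CLOSED = re.compile(r"pam_unix\((?P<svc>[^:]+):session\): "
                    r"session closed for user (?P<user>\S+)")
HOOK = "received order to close things"  # pam_mount debug line on session close
UMOUNT = re.compile(r"command: 'umount' '([^']+)'")

def audit_logout(text):
    """Return one record per process that logged a PAM session close."""
    procs = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key = (m["host"], m["proc"], m["pid"])
        p = procs.setdefault(key, {"closed": None, "hook": False, "umounts": []})
        msg = m["msg"]
        c = CLOSED.search(msg)
        if c:
            p["closed"] = (c["svc"], c["user"])
        elif "pam_mount.c" in msg and HOOK in msg:
            p["hook"] = True
        else:
            u = UMOUNT.search(msg)
            if u:
                p["umounts"].append(u[1])
    return [{"host": k[0], "service": p["closed"][0], "user": p["closed"][1],
             "pam_mount_close": p["hook"], "unmounted": p["umounts"]}
            for k, p in procs.items() if p["closed"]]

def missing_close_hook(records):
    """Sessions that closed with no pam_mount close-session activity logged."""
    return [r for r in records if not r["pam_mount_close"]]

if __name__ == "__main__":
    for rec in audit_logout(SAMPLE):
        print(rec)
```

The `(pam_mount.c:…)` lines are pam_mount debug output, so a missing line only means something when debugging is enabled in pam_mount.conf.xml (`<debug enable="1" />`).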
