I've configured pam_mount.so to automagically mount a cifs share when users log in; the problem is if a user logs in multiple times simultaneously, the mount command is repeated multiple times.
This so far isn't a problem but it's messy when you look at the output of a mount command.
# mount
/dev/sda1 on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
//srv1/UserShares/jrisk on /home/jrisk type cifs (rw,mand)
//srv1/UserShares/jrisk on /home/jrisk type cifs (rw,mand)
//srv1/UserShares/jrisk on /home/jrisk type cifs (rw,mand)
I'm assuming I need to fiddle with either the pam.d/common-auth file or pam_mount.conf.xml to accomplish this.
How can I instruct pam_mount.so to avoid duplicate mountings?
[Edit]
The contents of my pam_mount.conf.xml file:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<debug enable="1" />
<volume user="*" server="srv1" path="UserShares" mountpoint="home" fstype="cifs" />
<cifsmount>mount -t cifs //%(SERVER)/%(VOLUME)/%(USER) %(MNTPT)/%(USER) -o "user=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)"</cifsmount>
<umount>umount %(MNTPT)/%(USER)</umount>
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
<path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
<logout wait="0" hup="0" term="0" kill="0" />
<mkmountpoint enable="1" remove="true" />
</pam_mount>
Why not use autofs?
Make sure you put a trailing slash for "path" (e.g. path="userShares/") like so:
The problem is that a trailing slash is added to the entry in /etc/mtab. So when pam_mount is called again, it cannot see an exact match, so will mount the share again, hence you have multiple mounts.
See this bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=586009
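A check for an existing mount has to tolerate the trailing slash described above. The following is an added example, not pam_mount's code and not part of any answer: it strips trailing slashes before comparing against the mount table, and takes a lock so that simultaneous logins cannot both decide to mount. `norm`, `is_mounted`, `mount_once`, `MOUNTS_FILE` and `LOCK_DIR` are hypothetical names.

```shell
#!/bin/sh
# Added example, not pam_mount code. MOUNTS_FILE and LOCK_DIR are assumed,
# overridable names so the logic can be exercised without root.
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}
LOCK_DIR=${LOCK_DIR:-/var/lock}

# Strip trailing slashes so "//srv1/UserShares/jrisk/" and
# "//srv1/UserShares/jrisk" compare equal ("/" itself is kept).
norm() {
    p=$1
    while [ "$p" != "/" ] && [ "${p%/}" != "$p" ]; do p=${p%/}; done
    printf '%s\n' "$p"
}

# is_mounted SOURCE MOUNTPOINT: succeed if that pair is already listed.
is_mounted() {
    want_src=$(norm "$1"); want_mnt=$(norm "$2")
    while read -r m_src m_mnt _rest; do
        [ "$(norm "$m_src")" = "$want_src" ] &&
            [ "$(norm "$m_mnt")" = "$want_mnt" ] && return 0
    done < "$MOUNTS_FILE"
    return 1
}

# mount_once SOURCE MOUNTPOINT COMMAND...: run COMMAND only if the share
# is not mounted yet, holding a per-mountpoint lock while deciding.
mount_once() {
    mo_src=$1; mo_mnt=$2; shift 2
    lock="$LOCK_DIR/mount-once.$(norm "$mo_mnt" | tr '/' '_').lock"
    tries=0
    # mkdir is atomic, so only one concurrent login gets the lock.
    until mkdir "$lock" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -ge 30 ] && return 2   # stale or busy lock: give up
        sleep 1
    done
    rc=0
    if ! is_mounted "$mo_src" "$mo_mnt"; then
        "$@" || rc=$?
    fi
    rmdir "$lock"
    return "$rc"
}

# Usage (values taken from the question's mount output):
# mount_once //srv1/UserShares/jrisk /home/jrisk \
#     mount -t cifs //srv1/UserShares/jrisk /home/jrisk -o user=jrisk
```

A session that is killed while holding the lock leaves the lock directory behind; later calls then return status 2 without mounting until it is removed.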
"Multiple simultaneous logins" is probably the key. More than likely, what's happening is that the second and subsequent mount commands are getting launched prior to the first mount command finishing. This seems very likely, given how slow network mount commands run. What you probably need is some sort of shared memory / state file / etc which can make sure that only one mount process will start up. Well, at least until the pam_mount author works in a long-term fix for that race condition... :)
You might look at the pam_tally module. You could use that module to maintain a login counter per-user, and deny if the count is over 1. In the control field, then, you could set it up so that the pam_mount module is skipped if pam_tally fails. Specifically, I think maybe something like this would work:
...Or something along those lines. The pam_tally2 module would also work, if you need some external system to also manipulate the counter, say, when you manually unmount a filesystem or something (since pam_tally2 comes with a binary that can be used to manipulate the counts).
The offending line was in my pam_mount.conf.xml file:
should be:
With the value set to true, the pam_mount.so module was trying to remove /home/$USER/ from the system, not, as I assumed, ./$USER in the /home/ directory.
I suspect that pam_mount is failing to unmount the directory. Could you please confirm if the directory remains mounted after the user logged out with a mount?
If that's the case, the only solution I know of is using pam_script to run a umount -l /home/$USER on session close.
Best of luck,
João Miguel Neves