Sunday, January 23, 2011

Multiple logins with pam_mount means multiple (redundant) mounts ...

I've configured pam_mount.so to automagically mount a cifs share when users log in; the problem is that if a user logs in multiple times simultaneously, the mount command is repeated multiple times.

This so far isn't a problem but it's messy when you look at the output of a mount command.

# mount
/dev/sda1 on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
//srv1/UserShares/jrisk on /home/jrisk type cifs (rw,mand)
//srv1/UserShares/jrisk on /home/jrisk type cifs (rw,mand)
//srv1/UserShares/jrisk on /home/jrisk type cifs (rw,mand)

I'm assuming I need to fiddle with either the pam.d/common-auth file or pam_mount.conf.xml to accomplish this.

How can I instruct pam_mount.so to avoid duplicate mountings?


[Edit]

The contents of my pam_mount.conf.xml file:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
  <debug enable="1" />
  <volume user="*" server="srv1" path="UserShares" mountpoint="home" fstype="cifs" />
  <cifsmount>mount -t cifs //%(SERVER)/%(VOLUME)/%(USER) %(MNTPT)/%(USER) -o "user=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)"</cifsmount>
  <umount>umount %(MNTPT)/%(USER)</umount>
  <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
  <mntoptions require="nosuid,nodev" />
  <path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
  <logout wait="0" hup="0" term="0" kill="0" />
  <mkmountpoint enable="1" remove="true" />
</pam_mount>
  • "Multiple simultaneous logins" is probably the key. More than likely, what's happening is that the second and subsequent mount commands are getting launched prior to the first mount command finishing. This seems very likely, given how slow network mount commands run. What you probably need is some sort of shared memory / state file / etc which can make sure that only one mount process will start up. Well, at least until the pam_mount author works in a long-term fix for that race condition... :)

    You might look at the pam_tally module. You could use that module to maintain a login counter per-user, and deny if the count is over 1. In the control field, then, you could set it up so that the pam_mount module is skipped if pam_tally fails. Specifically, I think maybe something like this would work:

    auth [success=ignore default=1] pam_tally.so deny=1 onerr=succeed no_lock_time no_reset
    auth optional pam_mount.so pam_mount_options
    

    ...Or something along those lines. The pam_tally2 module would also work, if you need some external system to also manipulate the counter, say, when you manually unmount a filesystem or something (since pam_tally2 comes with a binary that can be used to manipulate the counts).

    dannysauer : Or you could just symlink /etc/mtab to /proc/mounts, since /proc/mounts won't have dups. ;)
    Jamie : I tried `pam_tally.so`: most likely a syntax thing but I couldn't get it to work.
    From dannysauer
  • The offending line was in my pam_mount.conf.xml file:

    <mkmountpoint enable="1" remove="true" />
    

    should be:

    <mkmountpoint enable="1" remove="false" />
    

    With the value set to true, the pam_mount.so module was trying to remove /home/$USER/ from the system, not, as I assumed, ./$USER in the /home/ directory.

    Jamie : I was mistaken, this didn't correct the problem above.
    From Jamie
  • I suspect that pam_mount is failing to unmount the directory. Could you please confirm if the directory remains mounted after the user logged out with a mount?

    If that's the case, the only solution I know of is using pam_script to run a umount -l /home/$USER on session close.

    Jamie : Thanks for the suggestion. I find again that I'm impressed with all the optional libraries PAM supports. This library strikes me as a little inelegant and circumventing the issue rather than addressing it.
    jneves : I agree. I ended up using pam_script handling both mount and umount in a custom script done by me.
    From jneves
  • Why not use autofs?

    From Warner
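
The answers from dannysauer (a state file so only one mount process starts) and jneves (a custom script handling the mount) both point at a serialized, check-before-mount step. The sketch below is an added example, not code from the thread or from pam_mount: a helper for such a session hook that takes a per-user lock, re-checks the mount table while holding it, and only then mounts. `MOUNTS_FILE`, `LOCK_ROOT`, `LOCK_TRIES`, `MOUNT_CMD` and all function names are hypothetical; how the password reaches mount.cifs is assumed to be handled by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): serialized, idempotent mount step.
# MOUNTS_FILE, LOCK_ROOT, LOCK_TRIES and MOUNT_CMD are hypothetical knobs,
# overridable so the logic can be exercised without root or a CIFS server.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"
LOCK_ROOT="${LOCK_ROOT:-/var/run}"   # root-only dir: users must not be able to pre-create locks
LOCK_TRIES="${LOCK_TRIES:-30}"
MOUNT_CMD="${MOUNT_CMD:-mount}"

# Reject names that could escape /home or the lock directory.
valid_user() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# True if $1 is a mount point (2nd field) in the kernel's mount table.
is_mounted() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# Run "$@" under a per-user lock. mkdir is atomic, so of several logins
# arriving together only one at a time gets past this point.
with_lock() {
    lock="$LOCK_ROOT/pam_mount_$1.lock"; shift
    tries=0
    until mkdir "$lock" 2>/dev/null; do
        tries=$((tries + 1))
        if [ "$tries" -ge "$LOCK_TRIES" ]; then return 75; fi  # stale or busy lock
        sleep 1
    done
    rc=0; "$@" || rc=$?
    rmdir "$lock"
    return "$rc"
}

# Mount only if the check, made while holding the lock, finds nothing there.
do_mount() {
    if is_mounted "/home/$1"; then return 0; fi
    $MOUNT_CMD -t cifs "//srv1/UserShares/$1" "/home/$1" -o "user=$1,nosuid,nodev"
}

mount_once() {
    valid_user "$1" || return 64
    with_lock "$1" do_mount "$1"
}
```

Calling `mount_once` with the login name from the session-open hook gives one cifs entry per user however many sessions open at once; a lock left behind by a killed process shows up as exit status 75 rather than a hang.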
