spurious mounts issued by gdm at login

Latest response

As we've been experimenting with redhat 7 in our environment to plan our move of 30 clients and a server to it (from 6.5) this summer, I noticed some very strange behavior which has since been attributed to gdm. We use NFS-automounted home directories, and the two machines running RH7 for a testing environment (to port all of our kickstart customizations to) had had GNOME3 installed using the default options. This means that the login screen displayed a user list that showed a history of all users that had previously logged in.
I noticed in the logs of the server that there were a large number of strange NFS home directory mounts appearing that I could not explain. After a day of debugging I managed to tie it down to the gdm login screen. It seems that every time one user who appeared in the login menu logged onto the system, GDM touched the home directory of each user in the user list. This resulted in a number of unnecessary automounts (and umounts after timeout) each time a user logged in. To make matters worse, these spurious mounts occurred even if the user in question ssh-ed to the machine rather than logging in at the GUI!
I have attached some scrubbed lines of the messages and secure log file output from the server below to show a set of mounts and umounts that happen when an ssh connection is initiated. The machine in question only had three users in the user list, so the burden on the server was on onerous. However, our environment has about 500 student accounts, and each user can log into any system. I was anticipating 50 or so spurious mounts whenever a user logged on to any system.. a fiasco waiting to happen.
(I had to put this line in to avoid the next paragraph displaying huge (sigh):)
The solution was to disable the userlist using a dconf settings file in /etc/dconf/db/gdm.d. I can post the entire solution if necessary, but I still dont understand why all these mounts were occurring. Here's the data:
.......................................................................................................
--The GNOME3 login list includes gboyd, awong and ojames. The machine
--'homer' is the same as XX.31 (ip address removed)

--At 08:51 user gboyd logs on via ssh

Jan 21 08:51:57 homer sshd[31714]: pam_unix(sshd:session): session opened for user gboyd by (uid=0)

--gnome issues 3 mount requests - one for each home directory in its login list

Jan 21 08:51:56 shelbyville rpc.mountd[3201]: authenticated mount request from XXX.31:873 for /home/gboyd (/home)
Jan 21 08:51:58 shelbyville rpc.mountd[3201]: authenticated mount request from XXX.31:799 for /students/ojames (/students)
Jan 21 08:51:58 shelbyville rpc.mountd[3201]: authenticated mount request from XXX.31:865 for /home/awong (/home)

--a few minutes later the unused mounts timeout and are unmounted:

Jan 21 08:57:33 shelbyville rpc.mountd[3201]: authenticated unmount request from XXX.31:674 for /students/ojames (/students)
Jan 21 09:02:43 shelbyville rpc.mountd[3201]: authenticated unmount request from XXX.31:738 for /home/awong (/home)

--at 09:11, the session is closed by gboyd. This results in the other users in
--the login list having their home directories mounted again. Note gboyd's is not
--mounted since it already is. It should be unmounted, but it is not...

Jan 21 09:11:46 shelbyville rpc.mountd[3201]: authenticated mount request from XXX.31:735 for /students/ojames (/students)
Jan 21 09:11:46 shelbyville rpc.mountd[3201]: authenticated mount request from XXX.31:719 for /home/awong (/home)

--A few minutes later, the spurious mounts time out and are unmounted, along with
--gboyd's mount:

Jan 21 09:17:43 shelbyville rpc.mountd[3201]: authenticated unmount request from XXX.31:627 for /home/awong (/home)
Jan 21 09:17:43 shelbyville rpc.mountd[3201]: authenticated unmount request from XXX.31:630 for /home/gboyd (/home)
Jan 21 09:18:48 shelbyville rpc.mountd[3201]: authenticated unmount request from XXX.31:657 for /students/ojames (/students)

--The process continues with the next login:

Jan 21 09:45:27 homer sshd[2355]: pam_unix(sshd:session): session opened for user gboyd by (uid=0)

Jan 21 09:44:30 shelbyville rpc.mountd[3201]: authenticated mount request from XXX.31:1005 for /home/gboyd (/home)
Jan 21 09:45:29 shelbyville rpc.mountd[3201]: authenticated mount request from XXX.31:965 for /students/ojames (/students)
Jan 21 09:45:29 shelbyville rpc.mountd[3201]: authenticated mount request from XXX.31:854 for /home/awong (/home)

--This all disappeared when the login-list was disabled in gdm using
-- dconf.
...........................................................................................

about our environment: still using NIS for student accounts on this local subnet (behind a firewall and not exposed to the Internet), with NFS-automounted home directories.

Responses

Did you have a look at the .profile/.bashrc for a command that could trigger these mounts?

I believe these mounts are "behind-the-scenes" activities exclusive to gnome (I'll have to log in to a headless machine to test if the mounts are there as well). I do not know if they are related to the behavior that Greg has seen

You will find a number of items
/run/user/id -u/dconf
/run/user/id -u/pulseaudio
/run/user/id -u/gvfs

The pulseaudio in particular seems interesting as I wonder if is checking the home directory for some sort of .dot configuration file for that user. Or.. I wonder if it is polling each user to determine if they had previously selected an alternate desktop environment to now display as option? I also thought I recalled seeing a bunch of mounts for uid=42 as well (gdm).

EDIT; the more I think about it... I am more confident that it is GDM trying to figure out how to customize the login shell based on user preferences. (I believe if you have Gnome, Gnome Classic and Gnome Wayland available, you can select one and it will "remember" your selection for the next login. Those preferences are likely stored in each users home directory somewhere. I could see a global/local directory being an OK approach as then your login preference would remain with that one machine, instead of it being in your network-attached home directory that obviously follows you to every machine that mounts the home dir over the network).

thanks for the feedback. Since we normally set the login screen to not show a login history the problem doesn't appear. But users that dont do so should be aware that this may put a strain on and NFS server if they have a lot of accounts.

It's better security to not expose your account names in any case. Here's the workaround:
$ pwd
/etc/dconf/db/gdm.d
[gboyd@xxx gdm.d]$ cat 01-login-screen
[org/gnome/login-screen]
disable-user-list=true
[gboyd@xxx gdm.d]$

then issue dconf update. I think it is automatic the next time a GUI user logs out (i.e., i dont think you have to restart the display manager)