Skip navigation

cannot eject usb stick in os x containing a private keychain containing only user created secure notes

1280 Views 35 Replies Latest reply: Apr 24, 2013 3:59 PM by ancientscream RSS
1 2 3 Previous Next
ancientscream Level 1 Level 1 (20 points)
Currently Being Moderated
Apr 13, 2013 9:31 AM

cannot eject usb stick in os x containing a private keychain containing only user created secure notes, because os x claims lots of other apps are using the said private keychain ?


and would love a resolution to this problem as its beginning to wind me up every day, so let me explain my issue:


I have a usb stick I connect to my computers, on this usb stick I have a personal keychain for passwords in secure note items only, starting under snow leopard when I try to eject said usb stick containing my secure note item private keychain, it refuses to claiming my usb stick by x open application which by the looks of it seems only to be those apps with net access ? they are claimed claim to be using the private keychain on my usb stick and refuse to allow me to eject the usb stick.


I have verified which apps with lsof grep, but sadly, it will not go into details as to which keychain secure note item they are claiming use of, it just says they claiming use of that whole keychain on the USB key. Now if I quit all the programs until im running just the finder, I can always eject the USB stick containing the private keychain. But obviously this is a total pain everytime i may need to plug and and unplug this USB stick to have to quit all open applications ?


The thing that is ultra confusing is that the keychain in question on the USB stick only contains secure note items for my private use storing logins and passwords and things, and none of the secure notes can have been setup by the apps themselves, as apps in my understanding would not create secure notes in my private keychain ? but somehow theyre still claiming rights over my private keychain ? I have also tried deleting the keychain from the list and removing references only and quitting keychain. the other apps in question Mail / Google / NetAuthAgent (was doing some screen sharing at the time i tested it) all still think they have dibs rights over my private keychain of secure notes, even though they should be having nothing to do with it ? its one thing for them to store some stuff in the login keychain, but dibs over my private keychain should not be included in that access ?


I think this must be some kind of bug in keychain in snow leopard and later or something because I didnt suffer this in leopard ? its ridiculous for an app to be claiming rights over a keychain theyve never used ? I think apple have simplified this such that all apps claim some kind of right over all keychains that keychain acess knows off regardless of whether they have used that keychain at all, but if that were the case you would have thought removing keychain access's knowledge of my private keychain would resolve the issue but apparently not ?


Message was edited by: ancientscream errata

MacBook Pro, Mac OS X (10.6.8)
  • gordguide Level 1 Level 1 (25 points)

    Probably not a bug, probably intentional. Apps that connect to the internet are going to have Certificates, etc for validation. Having or a browser will definitely result in polling of the keychain, and with the modern software model going to essentially mandatory net access to authorize apps on launch (and who knows when else) I can see the keychain being kept open by pretty much every app, give or take a few old school exceptions.


    Can you logout, eject the USB stick, and login again?


    You might try locking the keychain before trying to eject the USB drive as well.


    For what it's worth, I have a camera that a different MacOS system (not mine) wants to hold onto the disk seemingly forever. What it's doing is trying to read every photo on the camera when all I want is to upload the last few I took. So I Force Eject it pretty much every time, and no issues ever, with hundreds of Force Ejects, despite the warning.


    I think as long as some process is only trying to READ the Keychain, you should be OK. I would not want to risk it if something was WRITING to the Keychain file though, so as a precaution I myself would lock the Keychain in question, back it up to another location, and then try using Force Eject.

  • gordguide Level 1 Level 1 (25 points)

    If you are logged in to that Keychain, the OS is going to keep it open. Plain and simple. It does not know or care if there is, for example, the SSL Authentication for your eMail app in there or not (will be used by to access your eMail accounts so you can send or receive messages).


    There are numerous other possible files that could be used by the OS there; it's irrelevant which ones or whether they're needed or not. It knows if it was needed it might be there, so it will want to look regardless.


    You access the Force Eject button by attempting to eject the volume (in this case USB Key). When it complains that it doesn't want to eject it because it is in use, the Force Eject button appears on that dialog.


    Right-Click or Control-Click the volume, and select Eject. Either it will eject or you will be given the option to Force Eject.


    But remember to logout of that keychain stored on your USB drive first and back it up (or at least I would).

  • gordguide Level 1 Level 1 (25 points)

    It does not matter **what** is in that keychain. It only matters what **could be** in that keychain; the OS is going to treat it like any other keychain, and want to read it and see **what** is in there.


    Don't know if it's your habit or not, but the very first thing anyone should do when they upgrade/install/use for the first time the OS, is to go through the preferences for everything and set things up as you prefer. Do the same thing every time you install an app.


    If you don't know whether you want to change something or not, then leave it and you can always go back later once you decide how you want things.


    That goes also for other parts of the OS; it could be, for example, trying to Spotlight Index the drive. If you had done as I suggested above, you would have already set Spotlight preferences to not index the USB key every time it's plugged in. Just an example of why I suggested it.


    But, as an extension of that, you should have gone into Keychain Access preferences at least once by now.


    There are settings in there that could affect how the OS deals with your keychain file (eg how long to keep a given keychain open; etc).


    Dig around there and get it setup the way you want. I have my user-generated keychain lock (loguout) automatically in 20 minutes. Shorter times are better but if it's too short, sometimes you have it lock before you are done with the Secure Note, so you would have to enter the password again to continue entering or viewing data in the Note.


    And go through your Preferences so that something is not trying to read the USB key all the time. Do it now.


    I find it strange that you don't get the Force Eject dialog. However, just yanking the USB stick out of the USB slot does the same thing. In that case you get instead the nanny dialog warning you to stop doing that. Whatever; it works the same way.


    And it's important to note that is for some reason your system is setup to write to that drive, that can cause loss of data if the write process was going on during the Force Eject or the Hard Unmount.


    I can tell you one thing ... SOMETHING is asking for continuous access to that volume. Find out what and kill it.

  • gordguide Level 1 Level 1 (25 points)

    Perfectly normal. Google is a browser, it wants access to security certificates, if you use autofill that will be in a keychain, etc.


    Screen Sharing is also authenticating via the keychain. It uses the keychain to, for example, confirm the proper credentials exist and to create a secure connection to an authorized remote machine. The alternative would be to allow every hacker in China access to your machine because there would be no authentication. Which do you prefer?


    It's exactly the opposite of what you are thinking ... without access to the keychain then these processes can't do anything. Since the keychain is resident on your machine and can't be accessed unless you are the logged in user and have entered your password, it's a security enhancement, not a detriment.


    Apple used an appropriate name to describe the Keychain. It's equivalent to the keys to your house. If someone doesn't have the key, they can't open the door. Because you have the key in your posession, you can unlock the door. The Keychain on your USB stick is like a key in your pocket. In fact it's more like a door where the key must be in the lock and you have to enter a password on a numeric keypad, both, to unlock the door.


    The Terminal is a joy to use. It is easily the best feature of a UNIX based system like MacOS. There is nothing wrong with (properly) entering commands via the Terminal to get things done, because it is a VERY obedient slave to you, the master of the machine.


    But the root of this problem is something that is authorized to access the keychain is doing what it should, which is accessing it. You need to find out what is asking for access. Using the OS and apps in their default preferences will almost certainly result in the OS and apps accessing the keychain continuiously. When you install an app, do you turn off automatic updates? Just an example.


    Set up your machine so that it works perfectly when not connected to the internet. Stop apps from "automatically" doing anything whatsoever. You are the boss, act like it and rule your domain with an iron fist.

  • gordguide Level 1 Level 1 (25 points)

    " ...

    both will tell you which apps are demanding access and to the which file on the volume in question, that is still not the issue, the real question is why ? ..."


    Because you let them. Have you gone through the preferences for these apps yet? Get to it.

  • gordguide Level 1 Level 1 (25 points)

    Okay, for the last time.


    This has NOTHING to do with your Secure Notes. Nothing is accessing your secure notes (they can't access them).


    If anything is accessing that keychain on that USB stick, it's because it is looking for **ANY** of the possible other things that **COULD BE** in that keychain. Whether those other things exist or not is irrelevant.


    Google Chrome IS NOT accessing your Secure Notes. It's accessing your Keychain. It can't access your secure notes on that Keychain. It can access other stuff on there that it legitimately uses; it just so happens that they aren't present. Don't confuse someone opening your car door with stealing your wallet, even though the wallet is in your pocket and you're sitting in the car.



    Are you copying the keychain to the relevant folder on your HD when you insert the USB stick, and then copying that keychain back to the USB stick after modifying your Secure Notes? If not, that is what you should be doing.

  • gordguide Level 1 Level 1 (25 points)

    Well, all those command lines came after UNIX, so one would hope they were improvements. Yet in many cases they were not, even if they succeeded in some aspects.


    I ran LInux on my desktop and wrote documentation for Yellow Dog Linux; the change to UNIX was almost effortless. I think you do have to run a command line based OS (even if a GUI is also included) to truly grasp what UNIX is capable of. There is no fear in dropping into the Terminal once you understand how powerful a tool it is, but to get there, I think some time with no GUI at all is very helpful.


    I have tremendous respect for OS9 (and System 7.5) and again in many respects they were superior to OSX but the truth is the baggage of the underlying code were preventing them from advancing into a truly modern OS. One obvious example is the help system under what some now call "Classic MacOS" which was easily the best ever offered in an OS by anyone, and one that OSX has yet to equal. On the other hand, multitasking was impossible, and that is something we use every day, even if it's not obvious, in OSX.


    AppleScript is seriously underutilized by most Mac users; then again it was better in OS9 and earlier. Windows users still to this day have no idea what a system-wide scripting language that works with every application, not just the Office Suite, is capable of.


    Then again, I don't for one second miss Extension Managers, and OSX's scripting abilities are still powerful.


    Your experience with Mac hardware differs from mine; on average since 1991 I have upgraded every 6 years. The Mac Desktop I bought in 2002 is still running to this day, with OSX 10.4x. My 2009 model Mini Server has been a 24/7 machine since new and shows no sign of old age. I have never personally been a fan of iMacs but a buddy's 2007 model has never been shut down and runs like the day it came out of the box (all he does is surf + eMail).


    I have another friend who uses a 1998-era iMac 24/7 although it's not exposed to the 'net, it also is never shut down.


    I have never felt limited by Apple's design as far as upgradablilty goes. The 867 Mhz G4 has an 8-channel 24/96 professional sound card, Fast SCSI, Fast SATA, 4 hard drives, and a very decent video card. Although it's only used for audio sessions now, It was also a 24/7 desktop until 2009.


    Microsoft got it right with XP but clearly have lost their way in the meantime. By the way I have been booting Windows since 3.1 on my Macs; first install was on a so-called "Road Apple" Performa 5215 in 1996 via SoftWindows 1.0 and have had a MS OS on every Mac since. That machine had a TV tuner, video in/out, a remote control, and easily the best telephony application I have ever seen via it's data/fax/modem. I used it for 7 years.

1 2 3 Previous Next


More Like This

  • Retrieving data ...

Bookmarked By (0)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.