Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: kpmelocoton
kpmelocoton Author
User level: Level 1
27 points

Encrypted APFS volumes are ejected on log-out

Hello,


I have a macOS 12.6.3 used as a personal server.


I have an APFS container available on it from an external USB storage.


I have different volumes available from this container, and one of them is encrypted, and the password is *not* in any keychain. I have to mount it manually when needed (yes, even after a power outage, I'm okay with that, even if it’s a server), so some data are made available to some daemons running on this server.


The issue is that this volume is force-ejected by macOS each time I logout from a graphical logged-in user on this machine: it doesn't matter if I mounted it with `diskutil apfs unlockVolume` command line via ssh (or from a Terminal via VNC), or with "Disk Utility" GUI (also via VNC), the result is the same.


I can understand the intend of this force-ejection (avoid another user to access encrypted data, I guess ?), but in my case it's super annoying: even if there is rarely a graphically logged-in user on this machine (it's a server), sometime I still need to login via VNC with my single admin user to do some GUI-administrative task, but then as soon as I logout (I think it's a good practice to never keep a graphical user session logged-in on a server), the volume is ejected (which can end up in data corruption, like if a database was opened at this time).


Typically, the scenario is

  • I connect to my server via ssh with admin user X
  • I mount the encrypted volume with `sudo diskutil apfs unlockVolume`
  • For some reason, some time after that (hours, days, months…) I connect to my server with VNC with the same user X, and login with a graphical session (aka "console"), also with the same user X.
  • I do my stuff, and I don't touch at all the encrypted mounted volume
  • I logout when I have finished

→ Encrypted volume is force ejected 😳


There is any way to avoid this behavior ? I tested to mount the volume with the `nobrowse` flag, it doesn't change anything.


Thank you.

Posted on Feb 13, 2023 10:14 AM

Reply

Similar questions

4 replies
User profile for user: kpmelocoton
kpmelocoton Author
User level: Level 1
27 points

Feb 15, 2023 2:34 AM in response to bryanr14

Hello bryanr14,


Thank you for your answer.


So I did the upgrade of my server to 13.2.1 (22D68), but I still have the same behavior.

  • I connect to my server via ssh
  • I "sudo su"
  • I mount my volume with "diskutil apfs unlockVolume diskXsY"
  • I see it mounted in /Volumes/. I can access to it without any problem.
  • I connect via VNC to my server.
  • I graphically login with admin user.
  • <I don't do anything between these two steps>
  • I graphically logout from my admin user.
  • The encrypted volume is force ejected, I don't see it anymore in /Volumes/ and "mount" output. I can't access to it anymore, except if I mount it again.


(And I also lost my SMB sharing, but it's another topic, I apparently joined the long list of people for who SMB sharing is broken in macOS Ventura SMB File Sharing not working in Ventura - Apple Community…)


I will try to contact Apple Support or open a feedback ticket yes.


Reply
User profile for user: kpmelocoton
kpmelocoton Author
User level: Level 1
27 points

Mar 5, 2023 5:29 AM in response to kpmelocoton

I got an answer from Apple to my feedback ticket.


The volume can be listed in /etc/fstab with the ‘auto’ option then it will not be unmounted during user logout.

The file /etc/fstab is consulted for user-defined mount points, indexed by filesystem, in the mount point determination for a filesystem.  Each filesystem can be identified by its UUID or by its label, using the constructs `UUID'' or `LABEL'', respectively.  For example:

        UUID=DF000C7E-AE0C-3B15-B730-DFD2EF15CB91 /export ufs   ro
        UUID=FAB060E9-79F7-33FF-BE85-E1D3ABD3EDEA none    hfs   rw,noauto
        LABEL=The\040Volume\040Name\040Is\040This none    msdos ro


I tested this, and it works fine. Thanks to them :)


UUID=8ADF48C5-B8C7-4BE8-95BB-100C10738112 none apfs rw,auto,nobrowse


(Obviously, it's not automatically mounted, as it's encrypted, but once mounted manually, it's not automatically unmounted anymore).

Reply
User profile for user: bryanr14
bryanr14
User level: Community Specialist

Feb 14, 2023 5:44 PM in response to kpmelocoton

Hello kpmelocoton,


Thank you for reaching out in Apple Support Communities. We noticed that your Mac in on macOS Monterey 12.6.3. To help isolate this behavior further, we recommend for you to update your Mac to macOS Ventura 13.2.1. Updating to the latest macOS version helps provide software improvements that may you in this situation. If needed, here's how to update your Mac:


Use Software Update
Before following these steps, it's a good idea to back up your Mac.

1. From the Apple menu  in the corner of your screen, choose System Settings or System Preferences.

∙ If you chose System Settings, click General on the left side of the window. Then click Software Update on the right.

∙If you chose System Preferences, click Software Update in the window.

2. Software Update then checks for new software. 
∙If Software Update finds new software, click the button to install it. The button might be named Update Now, Upgrade Now, Install Now, or Restart Now, for example. You might then be asked to enter your administrator password.

∙If Software Update says that your Mac is up to date, then no new software is currently available for your Mac model. Software Update shows only software that is compatible with your Mac.

Software Update window in macOS Monterey

Following these steps may help and is outlined in this article: Update macOS on Mac - Apple Support


If that doesn't help, we recommend for you to contact Apple Support. They can review this further. Here's the link to contact them: Apple - Get Support


Kind regards.


Reply

Encrypted APFS volumes are ejected on log-out

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up