Encrypted APFS volumes are ejected on log-out
Hello,
I have a macOS 12.6.3 used as a personal server.
I have an APFS container available on it from an external USB storage.
I have different volumes available from this container, and one of them is encrypted, and the password is *not* in any keychain. I have to mount it manually when needed (yes, even after a power outage, I'm okay with that, even if it’s a server), so some data are made available to some daemons running on this server.
The issue is that this volume is force-ejected by macOS each time I logout from a graphical logged-in user on this machine: it doesn't matter if I mounted it with `diskutil apfs unlockVolume` command line via ssh (or from a Terminal via VNC), or with "Disk Utility" GUI (also via VNC), the result is the same.
I can understand the intend of this force-ejection (avoid another user to access encrypted data, I guess ?), but in my case it's super annoying: even if there is rarely a graphically logged-in user on this machine (it's a server), sometime I still need to login via VNC with my single admin user to do some GUI-administrative task, but then as soon as I logout (I think it's a good practice to never keep a graphical user session logged-in on a server), the volume is ejected (which can end up in data corruption, like if a database was opened at this time).
Typically, the scenario is
- I connect to my server via ssh with admin user X
- I mount the encrypted volume with `sudo diskutil apfs unlockVolume`
- For some reason, some time after that (hours, days, months…) I connect to my server with VNC with the same user X, and login with a graphical session (aka "console"), also with the same user X.
- I do my stuff, and I don't touch at all the encrypted mounted volume
- I logout when I have finished
→ Encrypted volume is force ejected 😳
There is any way to avoid this behavior ? I tested to mount the volume with the `nobrowse` flag, it doesn't change anything.
Thank you.