Thread: /home/virtfs when all users have shell disabled, how is it possible?

  1. #1
    Registered Member
    Join Date
    Oct 2003
    Posts
    147

    Hello

    Today I saw virtfs in the /home dir. I read many posts saying that I couldn't delete it, but I don't know why I see that directory, because all users on cPanel have shell disabled. Today I see this directory and /home/virtfs/username; I checked this username in cPanel and it has shell disabled.

    Is it some security bug?

    Maybe I should disable something in the system? (CentOS 4.4)

    Please help me (compilers are also disabled in cPanel for all users).

    I checked it and I see that /home/virtfs/user is created when a user logs in to the FTP over SFTP... I don't understand it.

    I went to /etc/sshd_config and saw:
    Subsystem sftp /usr/libexec/openssh/sftp-server

    I did
    #Subsystem sftp /usr/libexec/openssh/sftp-server

    and restarted SSH, but I still can't log in to SFTP. It is some security hole because I can edit system files from SFTP (logs, etc files).

    I see that I have the option to delete /home/virtfs. I rebooted the system and all directories in /home/virtfs/user/ were empty; only the etc directory has files, but I think that I can change a file name in the real /etc/, delete the file from /home/virtfs/user/etc/file and rename the file to the original in /etc/...

    Is the only way to stop this to disable the SSH port, for example in APF, and add my home IP address to /etc/apf/allow_hosts.rules so that SSH login is allowed only from that one IP?
    Last edited by hekri; 04-19-2007 at 03:49 AM.

  2. #2
    Registered Member
    Join Date
    Aug 2004
    Posts
    472

    The virtfs link is automatically made when a user logs in via shell. It will remain as such if the user is not logged out properly. If you reboot the server, the link will be gone.

  3. #3
    Registered Member
    Join Date
    Oct 2003
    Posts
    147

    But 100% of my users have shell disabled; it is not normal that sftp (shell) is working for users when they have shell disabled. It is a hole...

  4. #4
    cPanel Staff cPanelNick's Avatar
    Join Date
    Feb 2003
    Location
    Houston, TX
    Posts
    4,852

    Quote: Originally posted by hekri
    But 100% of my users have shell disabled; it is not normal that sftp (shell) is working for users when they have shell disabled. It is a hole...

    sftp is allowed if shell is disabled; it's the only thing that can be run, and it runs inside a jail.

  5. #5
    Registered Member
    Join Date
    Oct 2003
    Posts
    147

    Yes, I see that, but it is not normal that users can view my /var/log, /etc/ files etc. from SFTP...

    Is there any option to disable SFTP without blocking port 22?

  6. #6
    cPanel Staff cPanelNick's Avatar
    Join Date
    Feb 2003
    Location
    Houston, TX
    Posts
    4,852

    Quote: Originally posted by hekri
    Yes, I see that, but it is not normal that users can view my /var/log, /etc/ files etc. from SFTP...

    Is there any option to disable SFTP without blocking port 22?

    In the jailed env, you get a fake /etc.

    /var/log is a link to the real one, but they shouldn't be able to see any log files that have the proper permissions.

    Why would you want to disable sftp?

    You could just

    mv /usr/libexec/openssh/sftp-server /usr/libexec/openssh/sftp-server.disabled
    ln -s /bin/false /usr/libexec/openssh/sftp-server
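
Added example, not part of the original posts: the reply above says jailed users cannot see log files "that have the proper permissions". This bash sketch lists the files under a log directory that fail that test, i.e. are readable by "other" and reachable through directories searchable by "other". The function names `audit_log_perms` and `report_exposed` are made up for this illustration.

```bash
#!/bin/bash
# Added example (hypothetical helper names): find log files that any local
# account could read, including a jailed SFTP user who can reach /var/log.

# Print, one per line and sorted, every regular file under the given root
# (default /var/log) whose "other" read bit is set AND whose parent
# directories below the root are all searchable by "other".
audit_log_perms() {
    # First branch: a directory without other-execute cannot be traversed by
    # an unrelated account, so prune it instead of reporting its contents.
    # Second branch: -perm -004 matches files with the other-read bit set.
    find "${1:-/var/log}" \
        \( -type d ! -perm -001 -prune \) -o \
        \( -type f -perm -004 -print \) 2>/dev/null | sort
}

# Print the exposed files and return 1 if there are any; return 0 when the
# tree is clean, so the function can gate a cron job or a deployment check.
report_exposed() {
    exposed=$(audit_log_perms "${1:-/var/log}")
    if [ -z "$exposed" ]; then
        echo "no world-readable log files under ${1:-/var/log}"
        return 0
    fi
    echo "$exposed"
    return 1
}

# Usage: report_exposed /var/log
```

Files it reports can be tightened with `chmod o-r` (or `chmod o-rx` on the containing directory) once you have confirmed nothing legitimate depends on the looser mode.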

  7. #7
    Registered Member
    Join Date
    Oct 2003
    Posts
    147

    cPanel sets all the permissions. It is a security hole for me and I want to suspend SFTP. Thanks for the help.

  8. #8
    Registered Member
    Join Date
    Aug 2007
    Posts
    53

    Good info, thanks Nick.
