Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Accounts in VirtualFS have full server /usr/ access?

Discussion in 'Security' started by martin MHC, May 17, 2019.

  1. martin MHC

    martin MHC Well-Known Member

    Joined:
    Sep 14, 2016
    Messages:
    141
    Likes Received:
    21
    Trophy Points:
    18
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    I have a server with WHM 78.0.23
    I have CentOS 7.6

    I noted by pure chance yesterday (16th May 2019) that two accounts on the server have virtual File System access to the entirity of the Server /usr/ directory and all contained files and sub-directories.

    This is only true for these two accounts. All other accounts on the virtual File system, ( /home/virtfs/<account>/.... ) have empty or minimal /usr/ folder contents.

    For example;
    I can access this filepath:
    /home/virtfs/<account-name>/usr/local/lib/php

    And from there update the PHP classes used by the whole server.

    Data:
    Running
    Code:
    grep -i username /proc/mounts
    
    for various usernames gives me NO results, except for the account with full /usr/ access; stating:




    Question 1:
    Is this a security risk or is this somehow intentional? Why is it one or two accounts (only) that have this access?

    Question 2:

    Yesterday there were two accounts that displayed this.
    Today I am looking and see only one account that has this full breached-jail access in their /home/virtfs/ directory.

    So this indicates that this access can be changed/reduced/removed. I do not think I want to unnmount the folder; /usr/ as every virtfs/account has a /usr/ folder, but theirs is empty, and this one is not. How can I do this safely?

    Is it fine simply to run

    Code:
    umount /home/virtfs/username/usr
    


    I have read WHM Virtual Jailed Shell documentation
    I have read /home/virtfs/0_README_BEFORE_DELETING_VIRTFS

    Thank you.
     
    #1 martin MHC, May 17, 2019
    Last edited: May 17, 2019
  2. dalem

    dalem Well-Known Member PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,885
    Likes Received:
    120
    Trophy Points:
    368
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    This is intentional & jails the users access so its a security enhancement.
    The permissions have not changed, Likely that user has a cron running even if the user has no Jail shell enabled the users crontab will run in the jail. Best to just leave it alone as it appears to be working as it should.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. martin MHC

    martin MHC Well-Known Member

    Joined:
    Sep 14, 2016
    Messages:
    141
    Likes Received:
    21
    Trophy Points:
    18
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Feedback from WHM / CPanel support (on another matter) came back with some useful guidance.

    The Virtual File System access as described is put in place if there is any SSH or SFTP access to the account. This would typically be via the local IDE .
    And yes - as dalem states; cronjob's also will cause these /virtfs/accountname/ access details to be automatically set up by the server.

    I was initially surprised to find these access routes and with some digging am comfortable they're normal and proper as of WHM 78.
     
  4. dalem

    dalem Well-Known Member PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,885
    Likes Received:
    120
    Trophy Points:
    368
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    they have been normal and proper since cpanel implemented jail shell years back :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,815
    Likes Received:
    443
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Glad to see you were able to get this resolved @martin MHC let us know if you have any further questions or concerns.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice