How to disable jailshell completely and get rid of virtfs folder

[Kent Brockman]

Hello friends.
I have one VPS where the virtfs folder is using 10 GB... and it's a PITA. I don't want to expand the server if I can delete all that files.

I readed a lot and followed instructions from here:

• VirtFS (Jailed Shell) to disable _VirtFS

here:

• /home/virtfs/ consuming more space - eUKhost Official Web Hosting Forum
• Should one remove the /home/Virtfs directory? |

and more importantly from here:

• http://forums.cpanel.net/f5/how-remove-virtfs-disable-jailshell-completely-70368.html

And continuing from this last thread link, I have to ask for the last and unanswered question:
Is it safe to remove the virtfs directory after getting it u-mounted?

I think I unmounted every account correctly:

# cat /proc/mounts
/dev/simfs / simfs rw,relatime,usrquota,grpquota 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
none /dev tmpfs rw,relatime 0 0
none /dev/pts devpts rw,relatime 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0

Now that there are no mounts mentioning anything on /home/virtfs, can I delete this folder safely?
Should I verify anything else to be completely sure it is safe to delete?

BTW:

root [/home/virtfs]# du -s -c -h
3.1M	.
3.1M	total

But the free disk space reported is roughly the same and low than before unmount the folders.

And if I open, i.e., /home/virtfs/*username*/etc/security I see a bunch of .conf files.


Help please!
(And thanks in advance!)


UPDATE:
After a couple hours, I rechecked the status of free disk space and I see again the old mount point at /home/virtfs/username/home/username

What's going on? Why is it coming again?
I run again this command:

for i in `cat /proc/mounts|awk '/virtfs/ {print $2}'`; do umount $i;done

and everything went back to normal, but still the /home/virtfs/username files are there.
I forceful rebooted the VPS. The mount point is now "/" as it should always be.
I will keep an eye on it to see if it stay that way or the /virtfs come back to action.

Maybe some cron job is rebuilding the mount every N seconds??

root [/home/virtfs]# crontab -l
0 6 * * * /usr/local/cpanel/scripts/exim_tidydb > /dev/null 2>&1
30 5 * * * /usr/local/cpanel/scripts/optimize_eximstats > /dev/null 2>&1
35 * * * * /usr/bin/test -x /usr/local/cpanel/bin/tail-check && /usr/local/cpanel/bin/tail-check
45 */4 * * * /usr/bin/test -x /usr/local/cpanel/scripts/update_mailman_cache && /usr/local/cpanel/scripts/update_mailman_cache
30 */4 * * * /usr/bin/test -x /usr/local/cpanel/scripts/update_db_cache && /usr/local/cpanel/scripts/update_db_cache
45 */8 * * * /usr/bin/test -x /usr/local/cpanel/bin/optimizefs && /usr/local/cpanel/bin/optimizefs
30 */2 * * * /usr/local/cpanel/bin/mysqluserstore >/dev/null 2>&1
15 */2 * * * /usr/local/cpanel/bin/dbindex >/dev/null 2>&1
15 */6 * * * /usr/local/cpanel/scripts/autorepair recoverymgmt >/dev/null 2>&1
*/5 * * * * /usr/local/cpanel/bin/dcpumon >/dev/null 2>&1
6 4 * * * /usr/local/cpanel/whostmgr/docroot/cgi/cpaddons_report.pl --notify
12,27,42,57 * * * * /usr/local/cpanel/whostmgr/bin/dnsqueue > /dev/null 2>&1
7 0 * * * /usr/local/cpanel/scripts/upcp --cron
59 4 * * * mysqlcheck --optimize --all-databases; /MARCELO/mysqltuner.pl
11 5 * * * updatedb >/dev/null 2>&1

12 2 * * 0 /usr/local/cpanel/bin/cloudflare_update.sh >/dev/null 2>&1
30 6 * * * /usr/local/cpanel/bin/backup
0 1 * * * /usr/local/cpanel/scripts/cpbackup
38 4 * * * /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings
2,58 * * * * /usr/local/bandmin/bandmin
0 0 * * * /usr/local/bandmin/ipaddrmap

 

[ThinIce]

I'm sure one of the cPanel chaps will be along soon, but I'm relatively sure that you can't disable it these days, things like user cron are run in the jail now.

VirtFS (Jailed Shell)

PICK Important: In cPanel & WHM Version 11.38, updates to the jailed shell system were added to improve security. As a result, it is not possible to completely remove the jailed shell system.

ALERT! Warning: The directions below will remove a jailed shell, but cannot prevent the recreation of the jailed environment. Examples of processes that recreate the jailed environment include:

Exim processing filters
Piped e-mail addresses
Cron tasks
Jailed Apache Virtual Hosts that use mod_ruid2 via the applicable Tweak Setting option.

 

[cPanelMichael]

Hello

You would have to grant full shell access to the account in order to prevent the account from using a jailed shell environment for things like cron jobs or Exim filters. However, to note, I believe you are not interpreting the disk space it uses correctly. A bind mount is a transparent link between two places on the file system. For example, if a user views the contents of /home/virtfs/username/usr/bin, the user actually sees the contents of /usr/bin. Thus, the /home/virtfs/$user directory itself is not actually using up any additional space than already exists. Data is not actually duplicated.

Thank you.

 

[Kent Brockman]

Hello Michael. Ok, so, that's why before u-mounting, the disk space used by virtfs was 10 GB, and now is barely 3 MB, and although the free disk space reported in System Health »Show Current Disk Usage is the same before and after, that's because of hard links?

Nevertheless, I NEVER give shell access to no customer, but virtfs is showing two of them, with no shell access granted. This may happened why? if they set a crontask? I have lots of users here and in the other VPS using cron tasks and not being pushed into virtfs.

Exim processing filters? I do use filters in other servers and virtfs is empty, zero bytes long.

Jailed shell? mod_ruid2? We don't use that, now nor never before. Since it's a small shared hosting, I don't feel like users connecting via SSH, ever.

Piped e-mail addresses? if you mean email redirection piped to any system command, never used that.


So, I guess I have to live with that, and those folders using 3 MB turn out to be the best scenario I can hope? What if I delete the 2 accounts and then recreate it from a fresh backup? That won't delete the user's folders inside virtfs?

 

[cPanelMichael]

Ok, so, that's why before u-mounting, the disk space used by virtfs was 10 GB, and now is barely 3 MB, and although the free disk space reported in System Health »Show Current Disk Usage is the same before and after, that's because of hard links?

No, the disk space you are seeing is not actually used in the virtfs directory. You are actually seeing the disk space used by the directories linked to. When you umounted the virtfs directory it removed those links, so that's why you see less space reported.

Nevertheless, I NEVER give shell access to no customer, but virtfs is showing two of them, with no shell access granted. This may happened why? if they set a crontask? I have lots of users here and in the other VPS using cron tasks and not being pushed into virtfs.

I believe you are unnecessarily viewing the virtfs directory with a negative connotation due the incorrect assumption that it's taking up more disk space. It's not actually utilizing additional space, it just seems that way due to how the links to other directories are utilized. Check the sections related to cPanel 11.38 and 11.40 on the following document to get a better idea of why virtfs is utilized for accounts.

VirtFS (Jailed Shell)

It's by design that it's utilized with jailed shell or no shell. It's setup this way to increase security.

Thank you.

 

[Kent Brockman]

Yes, I did readed that doc. I now understand the hardlink thing. What I dont understand and puzzles me it's why I'm not seeing such folders and "virtual" usage in my other VPS. All of them have the same OS and cPanel versions...

 

[Kent Brockman]

Now I see, there is a cron task set for that account and everytime it runs, the virtfs is mounted.

The thing I dont understand, and I think it could be weird/bad/incorrect, is that the main disk mount point was permanently set to be

/home/virtfs/*username*/home/*username*

In other VPS I see that is set to "/"
Can you explain why this happens and if it is expected to be so?

 

[cPanelMichael]

The thing I dont understand, and I think it could be weird/bad/incorrect, is that the main disk mount point was permanently set to be

/home/virtfs/*username*/home/*username*

Could you elaborate on this? For instance, what do you mean by the main disk mount point?

Thank you.

 

[Kent Brockman]

Maybe I named incorrectly.
No I fixed it by unmounting and deleting the cron tasks, as they belong to an old account of mine.

Below, where you now see Mount Point = "/", before u-mounting the virtfs folders, it used to say "/home/virtfs/*username*/home/*username*"
https://www.dropbox.com/s/7p7rilgpww3aims/diskusage.jpg

Why was that?

 

[cPanelMichael]

Below, where you now see Mount Point = "/", before u-mounting the virtfs folders, it used to say "/home/virtfs/*username*/home/*username*"
https://www.dropbox.com/s/7p7rilgpww3aims/diskusage.jpg
Why was that?

Let us know if you experience that issue with the Disk Usage report in WHM again or are able to reproduce it. It's a separate issue to your original post on this thread. You can open a support ticket to report it and let us know the ticket number here if it happens again.

Thank you.

 

[Kent Brockman]

Thank you Michael, I'll keep an eye on this.

 

[crazyaboutlinux]

Thank you Michael, I'll keep an eye on this.

An Important Thread. really needs to be subscribed.

 

[cPanelMichael]

An Important Thread. really needs to be subscribed.

Are you experiencing a similar issue? This thread was opened in January so it's not likely to receive additional input from the user at this point in time.

Thank you.

 

[wbarrios]

Update: VirtFS Jailed Shell | cPanel & WHM Documentation

 

[Arec Johnson]

I've also the same question and looking for the right solution. But thanks for sharing the updated guide link it clears my query on how to disable or remove jail shell environment: https://docs.cpanel.net/knowledge-base/accounts/virtfs-jailed-shell/#disable-or-remove-a-jailed-shell-environment

 

[cPRex]

@Arec Johnson - does the documentation answer your questions now that you've had a chance to check it out?