How to remove virtfs and disable jailshell completely

gribozavr

Member
Aug 15, 2007
23
1
53
Hello,

I want to remove /home/virtfs. I know that it consists of hardlinks to actual system files, and I shouldn't do a rm -rf. Currently I don't have any users which have jailed shell enabled, but there is still one /home/virtfs/user directory. And I want to disable jailed shell completely, so that other administrators, resellers, or whoever who can enable it now won't be able to do enable then.

And, just out of curiosity, how can virtfs hardlinks span multiple partitions? My /home partition is completely separate from /, /usr, /var, /tmp, but they all refer to the same data: I tried to create a /tmp/testfile and it shoed up as /home/virtfs/user/tmp/testfile.

PS. Excuse me for starting one more thread, but I have searched the forum, and I didn't find any definite solution, just some bizarre "it might work" suggestions, like chown'ing /home/virtfs.
 
Last edited:

nerbonne

Well-Known Member
Aug 19, 2007
52
1
58
I would like to do the same thing. Anyone?

I want to get rid of the virtfs entry.

[email protected] [/]# find / -name ef8cou -print
/home/virtfs/ef8cou
/home/virtfs/ef8cou/var/spool/mail/ef8cou
/home/virtfs/ef8cou/home2/ef8cou
/home2/ef8cou
/etc/proftpd/ef8cou
/var/cpanel/users/ef8cou
/var/cpanel/bandwidth/ef8cou
/var/cpanel/lastrun/ef8cou
/var/spool/mail/ef8cou
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
The /home/Virtfs Directory is created for users with Jailshell. Virtfs is hardlinked to some system files. If you delete the files in virtfs, you delete the actual system files they're linked to; that's very bad idea. The asiest way to is to go through the list of users in WHM >> Manage Shell Access and disable Jailed Shell for users.

For more information you can refer http://www.prongs.org/virtfs/docs/virtfs.pdf
 

katmai

Well-Known Member
Mar 13, 2006
564
3
168
Brno, Czech Republic
don't delete virtfs. just disable from cpanel. if still stays there, try rebooting, if still there, just leave it there, you have nothing to be concerned of.
 

NNNils

Well-Known Member
Sep 17, 2002
580
0
166
you have nothing to be concerned of.
Yes, you have, because the space in /home/virtfs/user is counted towards the users quota.

I would like to see a solution for this too.

None of our users has jailshell but these dirs keep appearing.
 

byat

Registered
Sep 28, 2007
1
0
51
I have the same problem, lots of virtfs directories taking up disk space when no users have jail shell enabled.

I am using WHM 11.11.0 cPanel 11.16.0-S18450

Our older server is running WHM 10.8.0 cPanel 10.9.0-S9966 and doesn't have this problem at all.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,608
77
308
cPanel Access Level
Root Administrator
This is a quick piece, might have some errors, but should give you a better picture of virtfs.


The contents of virtfs are generally bind mounts, not hard links.

What I typically do is loop through each directory in /home/virtfs/user, issuing umount on each. Note the umount is issued against the contents of /home/virtfs/user, not /home/virtfs. I think there are one or two mounts nested below /home/virtfs/user. Once all the mounts are taken care off, the remaining files should be copies made for the purpose of jailshell. For example /home/virtfs/user/etc/passwd is only a subset of /etc/passwd, with enough info for the system and user.

To get an idea of what is bind mounted, create a test account with jailshell access and login via SSH. Once logged in, execute the mount command. You should get a list like:

Code:
/dev/root on /lib type virtfs (defaults)
/dev/root on /usr/include type virtfs (defaults)
/dev/root on /usr/lib type virtfs (defaults)
/dev/root on /usr/sbin type virtfs (defaults)
/dev/root on /usr/share type virtfs (defaults)
/dev/root on /usr/bin type virtfs (defaults)
/dev/root on /usr/X11R6 type virtfs (defaults)
/dev/root on /usr/local/bin type virtfs (defaults)
/dev/root on /usr/local/lib type virtfs (defaults)
/dev/root on /usr/local/share type virtfs (defaults)
/dev/root on /usr/local/Zend type virtfs (defaults)
/dev/root on /usr/kerberos type virtfs (defaults)
/dev/root on /usr/libexec type virtfs (defaults)
/dev/root on /usr/man type virtfs (defaults)
/dev/root on /var/log type virtfs (defaults)
/dev/root on /var/spool type virtfs (defaults)
/dev/root on /var/lib type virtfs (defaults)
/dev/root on /var/run type virtfs (defaults)
/dev/root on /tmp type virtfs (defaults)
/dev/root on /dev type virtfs (defaults)
/dev/root on /bin type virtfs (defaults)
/dev/root on /home34y69da/bug6285 type virtfs (defaults)
These are all the bind mounts.

Once all the mounts are removed, if you want to determine whether the remaining files are hard links or local copies, then execute touch on the file/directory and compare the timestamps for before and after the 'touch' For example:


Code:
os103qa:~ # ln /etc/exim.pl.local exim.pl.local
os103qa:~ # ls -la exim.pl.local
-rwxr-xr-x 2 root root 23178 Jan 16 21:49 exim.pl.local
os103qa:~ # ls -la exim.pl.local /etc/exim.pl.local
-rwxr-xr-x 2 root root 23178 Jan 16 21:49 /etc/exim.pl.local
-rwxr-xr-x 2 root root 23178 Jan 16 21:49 exim.pl.local
os103qa:~ # touch exim.pl.local 
os103qa:~ # ls -la exim.pl.local /etc/exim.pl.local
-rwxr-xr-x 2 root root 23178 Jan 18 06:03 /etc/exim.pl.local
-rwxr-xr-x 2 root root 23178 Jan 18 06:03 exim.pl.local
A hard link will update both, while a local copy will only update the one. It is safe to remove a hard-linked file:

Code:
os103qa:~ # rm exim.pl.local 
os103qa:~ # ls -la exim.pl.local /etc/exim.pl.local
ls: cannot access exim.pl.local: No such file or directory
-rwxr-xr-x 1 root root 23178 Jan 18 06:03 /etc/exim.pl.local
Removing a file that is part of the bind mount is not recommended though as it removes the original. The touch test will behave the same for a bind mounted accessible files as for a hard linked file, so it's not exactly fool-proof.
 

vapetrov

Member
May 24, 2002
14
0
301
is jailshell secure?

I have read this and now I have a question.
Is cpanel jailshell secure?

In mentioned pdf described how to create template in /virtual/template and than make hardlinks /virtual/user1/file to /virtual/template/file

But in cpanel I see hardlinks to REAL files like /bin/bash

So, if user in jailshell got root privileges he will be able to compromise the entire server.

Am I wrong?
 

remotesupp

Member
Aug 25, 2007
10
0
51
Hi,

AndyReed is right, If you remove virtfs accidentally you need to reload your OS. Not advisable.... :eek:
 

NNNils

Well-Known Member
Sep 17, 2002
580
0
166
Is it possible to disable quotas on the /home/virtfs dir?

That would "fix" it too.
 

n00bie

Active Member
Mar 20, 2007
29
0
151
Is it possible to remove the virtfs directory after u-mounting the virtual chroot environment ?

I had u-mounted all the /home/virtfs resides on /proc/mounts and the file space decreased to 2.1M. I'd simply like to remove all the directory now. Is it safe?

Thank you.
 

Al-Ra3eD.CoM

Member
Mar 17, 2010
7
0
51
Hello

you can remove it with this

if you type

PHP:
cat /proc/mounts
you will some thing like this ..
PHP:
/dev/root /home/virtfs/usershell/usr/local/IonCube ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/usr/include ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/usr/local/lib ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/var/spool ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/var/lib ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/var/cpanel ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/usr/local/cpanel/Cpanel ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/var/run ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/var/log ext3 rw,data=ordered,usrquota 0 0
/dev/sda6 /home/virtfs/usershell/tmp ext3 rw,nosuid,noexec,data=ordered 0 0
/dev/root /home/virtfs/usershell/bin ext3 rw,data=ordered,usrquota 0 0
/dev /home/virtfs/usershell/dev tmpfs rw 0 0
/proc /home/virtfs/usershell/proc proc rw 0 0
/dev/root /home/virtfs/usershell/home/usershell ext3 rw,data=ordered,usrquota 0 0

so .. to unmount and then remove it .. do this

PHP:
/scripts/clear_orphaned_virtfs_mounts
for i in `cat /proc/mounts | grep /home/virtfs | cut -d ' ' -f 2 ` ; do umount $i ; done

you can see

cPanel JailShell, Unmount and Clean Virtfs | Control Panel Blog
VirtFS < AllDocumentation/WHMDocs < TWiki


Hamdi Mershed
Al-Ra3eD.CoM
 

n00bie

Active Member
Mar 20, 2007
29
0
151
Thanks dude for your reply.

But, the question was, Is it safe to remove the virtfs directory after getting it u-mounted?