The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to remove virtfs and disable jailshell completely

Discussion in 'General Discussion' started by gribozavr, Aug 28, 2007.

  1. gribozavr

    gribozavr Member

    Joined:
    Aug 15, 2007
    Messages:
    23
    Likes Received:
    1
    Trophy Points:
    3
    Hello,

    I want to remove /home/virtfs. I know that it consists of hardlinks to actual system files, and I shouldn't do a rm -rf. Currently I don't have any users which have jailed shell enabled, but there is still one /home/virtfs/user directory. And I want to disable jailed shell completely, so that other administrators, resellers, or whoever who can enable it now won't be able to do enable then.

    And, just out of curiosity, how can virtfs hardlinks span multiple partitions? My /home partition is completely separate from /, /usr, /var, /tmp, but they all refer to the same data: I tried to create a /tmp/testfile and it shoed up as /home/virtfs/user/tmp/testfile.

    PS. Excuse me for starting one more thread, but I have searched the forum, and I didn't find any definite solution, just some bizarre "it might work" suggestions, like chown'ing /home/virtfs.
     
    #1 gribozavr, Aug 28, 2007
    Last edited: Aug 28, 2007
  2. nerbonne

    nerbonne Well-Known Member

    Joined:
    Aug 19, 2007
    Messages:
    52
    Likes Received:
    1
    Trophy Points:
    6
    I would like to do the same thing. Anyone?

    I want to get rid of the virtfs entry.

    root@server4 [/]# find / -name ef8cou -print
    /home/virtfs/ef8cou
    /home/virtfs/ef8cou/var/spool/mail/ef8cou
    /home/virtfs/ef8cou/home2/ef8cou
    /home2/ef8cou
    /etc/proftpd/ef8cou
    /var/cpanel/users/ef8cou
    /var/cpanel/bandwidth/ef8cou
    /var/cpanel/lastrun/ef8cou
    /var/spool/mail/ef8cou
     
  3. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    The /home/Virtfs Directory is created for users with Jailshell. Virtfs is hardlinked to some system files. If you delete the files in virtfs, you delete the actual system files they're linked to; that's very bad idea. The asiest way to is to go through the list of users in WHM >> Manage Shell Access and disable Jailed Shell for users.

    For more information you can refer http://www.prongs.org/virtfs/docs/virtfs.pdf
     
  4. katmai

    katmai Well-Known Member

    Joined:
    Mar 13, 2006
    Messages:
    526
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brno, Czech Republic
    don't delete virtfs. just disable from cpanel. if still stays there, try rebooting, if still there, just leave it there, you have nothing to be concerned of.
     
  5. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    Yes, you have, because the space in /home/virtfs/user is counted towards the users quota.

    I would like to see a solution for this too.

    None of our users has jailshell but these dirs keep appearing.
     
  6. byat

    byat Registered

    Joined:
    Sep 28, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    I have the same problem, lots of virtfs directories taking up disk space when no users have jail shell enabled.

    I am using WHM 11.11.0 cPanel 11.16.0-S18450

    Our older server is running WHM 10.8.0 cPanel 10.9.0-S9966 and doesn't have this problem at all.
     
  7. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    This is a quick piece, might have some errors, but should give you a better picture of virtfs.


    The contents of virtfs are generally bind mounts, not hard links.

    What I typically do is loop through each directory in /home/virtfs/user, issuing umount on each. Note the umount is issued against the contents of /home/virtfs/user, not /home/virtfs. I think there are one or two mounts nested below /home/virtfs/user. Once all the mounts are taken care off, the remaining files should be copies made for the purpose of jailshell. For example /home/virtfs/user/etc/passwd is only a subset of /etc/passwd, with enough info for the system and user.

    To get an idea of what is bind mounted, create a test account with jailshell access and login via SSH. Once logged in, execute the mount command. You should get a list like:

    Code:
    /dev/root on /lib type virtfs (defaults)
    /dev/root on /usr/include type virtfs (defaults)
    /dev/root on /usr/lib type virtfs (defaults)
    /dev/root on /usr/sbin type virtfs (defaults)
    /dev/root on /usr/share type virtfs (defaults)
    /dev/root on /usr/bin type virtfs (defaults)
    /dev/root on /usr/X11R6 type virtfs (defaults)
    /dev/root on /usr/local/bin type virtfs (defaults)
    /dev/root on /usr/local/lib type virtfs (defaults)
    /dev/root on /usr/local/share type virtfs (defaults)
    /dev/root on /usr/local/Zend type virtfs (defaults)
    /dev/root on /usr/kerberos type virtfs (defaults)
    /dev/root on /usr/libexec type virtfs (defaults)
    /dev/root on /usr/man type virtfs (defaults)
    /dev/root on /var/log type virtfs (defaults)
    /dev/root on /var/spool type virtfs (defaults)
    /dev/root on /var/lib type virtfs (defaults)
    /dev/root on /var/run type virtfs (defaults)
    /dev/root on /tmp type virtfs (defaults)
    /dev/root on /dev type virtfs (defaults)
    /dev/root on /bin type virtfs (defaults)
    /dev/root on /home34y69da/bug6285 type virtfs (defaults)
    
    These are all the bind mounts.

    Once all the mounts are removed, if you want to determine whether the remaining files are hard links or local copies, then execute touch on the file/directory and compare the timestamps for before and after the 'touch' For example:


    Code:
    os103qa:~ # ln /etc/exim.pl.local exim.pl.local
    os103qa:~ # ls -la exim.pl.local
    -rwxr-xr-x 2 root root 23178 Jan 16 21:49 exim.pl.local
    os103qa:~ # ls -la exim.pl.local /etc/exim.pl.local
    -rwxr-xr-x 2 root root 23178 Jan 16 21:49 /etc/exim.pl.local
    -rwxr-xr-x 2 root root 23178 Jan 16 21:49 exim.pl.local
    os103qa:~ # touch exim.pl.local 
    os103qa:~ # ls -la exim.pl.local /etc/exim.pl.local
    -rwxr-xr-x 2 root root 23178 Jan 18 06:03 /etc/exim.pl.local
    -rwxr-xr-x 2 root root 23178 Jan 18 06:03 exim.pl.local
    
    A hard link will update both, while a local copy will only update the one. It is safe to remove a hard-linked file:

    Code:
    os103qa:~ # rm exim.pl.local 
    os103qa:~ # ls -la exim.pl.local /etc/exim.pl.local
    ls: cannot access exim.pl.local: No such file or directory
    -rwxr-xr-x 1 root root 23178 Jan 18 06:03 /etc/exim.pl.local
    
    Removing a file that is part of the bind mount is not recommended though as it removes the original. The touch test will behave the same for a bind mounted accessible files as for a hard linked file, so it's not exactly fool-proof.
     
  8. vapetrov

    vapetrov Member

    Joined:
    May 24, 2002
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    is jailshell secure?

    I have read this and now I have a question.
    Is cpanel jailshell secure?

    In mentioned pdf described how to create template in /virtual/template and than make hardlinks /virtual/user1/file to /virtual/template/file

    But in cpanel I see hardlinks to REAL files like /bin/bash

    So, if user in jailshell got root privileges he will be able to compromise the entire server.

    Am I wrong?
     
  9. remotesupp

    remotesupp Member

    Joined:
    Aug 25, 2007
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    AndyReed is right, If you remove virtfs accidentally you need to reload your OS. Not advisable.... :eek:
     
  10. NNNils

    NNNils Well-Known Member

    Joined:
    Sep 17, 2002
    Messages:
    580
    Likes Received:
    0
    Trophy Points:
    16
    Is it possible to disable quotas on the /home/virtfs dir?

    That would "fix" it too.
     
  11. n00bie

    n00bie Active Member

    Joined:
    Mar 20, 2007
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    Is it possible to remove the virtfs directory after u-mounting the virtual chroot environment ?

    I had u-mounted all the /home/virtfs resides on /proc/mounts and the file space decreased to 2.1M. I'd simply like to remove all the directory now. Is it safe?

    Thank you.
     
  12. Al-Ra3eD.CoM

    Al-Ra3eD.CoM Member

    Joined:
    Mar 17, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Hello

    you can remove it with this

    if you type

    PHP:
    cat /proc/mounts
    you will some thing like this ..
    PHP:
    /dev/root /home/virtfs/usershell/usr/local/IonCube ext3 rw,data=ordered,usrquota 0 0
    /dev/root /home/virtfs/usershell/usr/include ext3 rw,data=ordered,usrquota 0 0
    /dev/root /home/virtfs/usershell/usr/local/lib ext3 rw,data=ordered,usrquota 0 0
    /dev/root /home/virtfs/usershell/var/spool ext3 rw,data=ordered,usrquota 0 0
    /dev/root /home/virtfs/usershell/var/lib ext3 rw,data=ordered,usrquota 0 0
    /dev/root /home/virtfs/usershell/var/cpanel ext3 rw,data=ordered,usrquota 0 0
    /dev/root /home/virtfs/usershell/usr/local/cpanel/Cpanel ext3 rw,data=ordered,usrquota 0 0
    /dev/root /home/virtfs/usershell/var/run ext3 rw,data=ordered,usrquota 0 0
    /dev/root /home/virtfs/usershell/var/log ext3 rw,data=ordered,usrquota 0 0
    /dev/sda6 /home/virtfs/usershell/tmp ext3 rw,nosuid,noexec,data=ordered 0 0
    /dev/root /home/virtfs/usershell/bin ext3 rw,data=ordered,usrquota 0 0
    /dev /home/virtfs/usershell/dev tmpfs rw 0 0
    /proc /home/virtfs/usershell/proc proc rw 0 0
    /dev/root /home/virtfs/usershell/home/usershell ext3 rw,data=ordered,usrquota 0 0


    so .. to unmount and then remove it .. do this

    PHP:
    /scripts/clear_orphaned_virtfs_mounts
    for i in `cat /proc/mounts | grep /home/virtfs | cut -d ' ' -f 2 ` ; do umount $i done

    you can see

    cPanel JailShell, Unmount and Clean Virtfs | Control Panel Blog
    VirtFS < AllDocumentation/WHMDocs < TWiki


    Hamdi Mershed
    Al-Ra3eD.CoM
     
  13. n00bie

    n00bie Active Member

    Joined:
    Mar 20, 2007
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    Thanks dude for your reply.

    But, the question was, Is it safe to remove the virtfs directory after getting it u-mounted?
     
Loading...

Share This Page