How to remove virtfs and disable jailshell completely

[gribozavr]

Hello,

I want to remove /home/virtfs. I know that it consists of hardlinks to actual system files, and I shouldn't do a rm -rf. Currently I don't have any users which have jailed shell enabled, but there is still one /home/virtfs/user directory. And I want to disable jailed shell completely, so that other administrators, resellers, or whoever who can enable it now won't be able to do enable then.

And, just out of curiosity, how can virtfs hardlinks span multiple partitions? My /home partition is completely separate from /, /usr, /var, /tmp, but they all refer to the same data: I tried to create a /tmp/testfile and it shoed up as /home/virtfs/user/tmp/testfile.

PS. Excuse me for starting one more thread, but I have searched the forum, and I didn't find any definite solution, just some bizarre "it might work" suggestions, like chown'ing /home/virtfs.

 

[nerbonne]

I would like to do the same thing. Anyone?

I want to get rid of the virtfs entry.

root@server4 [/]# find / -name ef8cou -print
/home/virtfs/ef8cou
/home/virtfs/ef8cou/var/spool/mail/ef8cou
/home/virtfs/ef8cou/home2/ef8cou
/home2/ef8cou
/etc/proftpd/ef8cou
/var/cpanel/users/ef8cou
/var/cpanel/bandwidth/ef8cou
/var/cpanel/lastrun/ef8cou
/var/spool/mail/ef8cou

 

[AndyReed]

The /home/Virtfs Directory is created for users with Jailshell. Virtfs is hardlinked to some system files. If you delete the files in virtfs, you delete the actual system files they're linked to; that's very bad idea. The asiest way to is to go through the list of users in WHM >> Manage Shell Access and disable Jailed Shell for users.

For more information you can refer http://www.prongs.org/virtfs/docs/virtfs.pdf

 

[katmai]

don't delete virtfs. just disable from cpanel. if still stays there, try rebooting, if still there, just leave it there, you have nothing to be concerned of.

 

[NNNils]

you have nothing to be concerned of.

Yes, you have, because the space in /home/virtfs/user is counted towards the users quota.

I would like to see a solution for this too.

None of our users has jailshell but these dirs keep appearing.

 

[byat]

I have the same problem, lots of virtfs directories taking up disk space when no users have jail shell enabled.

I am using WHM 11.11.0 cPanel 11.16.0-S18450

Our older server is running WHM 10.8.0 cPanel 10.9.0-S9966 and doesn't have this problem at all.

 

[cPanelKenneth]

This is a quick piece, might have some errors, but should give you a better picture of virtfs.


The contents of virtfs are generally bind mounts, not hard links.

What I typically do is loop through each directory in /home/virtfs/user, issuing umount on each. Note the umount is issued against the contents of /home/virtfs/user, not /home/virtfs. I think there are one or two mounts nested below /home/virtfs/user. Once all the mounts are taken care off, the remaining files should be copies made for the purpose of jailshell. For example /home/virtfs/user/etc/passwd is only a subset of /etc/passwd, with enough info for the system and user.

To get an idea of what is bind mounted, create a test account with jailshell access and login via SSH. Once logged in, execute the mount command. You should get a list like:

/dev/root on /lib type virtfs (defaults)
/dev/root on /usr/include type virtfs (defaults)
/dev/root on /usr/lib type virtfs (defaults)
/dev/root on /usr/sbin type virtfs (defaults)
/dev/root on /usr/share type virtfs (defaults)
/dev/root on /usr/bin type virtfs (defaults)
/dev/root on /usr/X11R6 type virtfs (defaults)
/dev/root on /usr/local/bin type virtfs (defaults)
/dev/root on /usr/local/lib type virtfs (defaults)
/dev/root on /usr/local/share type virtfs (defaults)
/dev/root on /usr/local/Zend type virtfs (defaults)
/dev/root on /usr/kerberos type virtfs (defaults)
/dev/root on /usr/libexec type virtfs (defaults)
/dev/root on /usr/man type virtfs (defaults)
/dev/root on /var/log type virtfs (defaults)
/dev/root on /var/spool type virtfs (defaults)
/dev/root on /var/lib type virtfs (defaults)
/dev/root on /var/run type virtfs (defaults)
/dev/root on /tmp type virtfs (defaults)
/dev/root on /dev type virtfs (defaults)
/dev/root on /bin type virtfs (defaults)
/dev/root on /home34y69da/bug6285 type virtfs (defaults)

These are all the bind mounts.

Once all the mounts are removed, if you want to determine whether the remaining files are hard links or local copies, then execute touch on the file/directory and compare the timestamps for before and after the 'touch' For example:

os103qa:~ # ln /etc/exim.pl.local exim.pl.local
os103qa:~ # ls -la exim.pl.local
-rwxr-xr-x 2 root root 23178 Jan 16 21:49 exim.pl.local
os103qa:~ # ls -la exim.pl.local /etc/exim.pl.local
-rwxr-xr-x 2 root root 23178 Jan 16 21:49 /etc/exim.pl.local
-rwxr-xr-x 2 root root 23178 Jan 16 21:49 exim.pl.local
os103qa:~ # touch exim.pl.local 
os103qa:~ # ls -la exim.pl.local /etc/exim.pl.local
-rwxr-xr-x 2 root root 23178 Jan 18 06:03 /etc/exim.pl.local
-rwxr-xr-x 2 root root 23178 Jan 18 06:03 exim.pl.local

A hard link will update both, while a local copy will only update the one. It is safe to remove a hard-linked file:

os103qa:~ # rm exim.pl.local 
os103qa:~ # ls -la exim.pl.local /etc/exim.pl.local
ls: cannot access exim.pl.local: No such file or directory
-rwxr-xr-x 1 root root 23178 Jan 18 06:03 /etc/exim.pl.local

Removing a file that is part of the bind mount is not recommended though as it removes the original. The touch test will behave the same for a bind mounted accessible files as for a hard linked file, so it's not exactly fool-proof.

 

[vapetrov]

is jailshell secure?

For more information you can refer http://www.prongs.org/virtfs/docs/virtfs.pdf

I have read this and now I have a question.
Is cpanel jailshell secure?

In mentioned pdf described how to create template in /virtual/template and than make hardlinks /virtual/user1/file to /virtual/template/file

But in cpanel I see hardlinks to REAL files like /bin/bash

So, if user in jailshell got root privileges he will be able to compromise the entire server.

Am I wrong?

 

[remotesupp]

Hi,

AndyReed is right, If you remove virtfs accidentally you need to reload your OS. Not advisable....

 

[NNNils]

Is it possible to disable quotas on the /home/virtfs dir?

That would "fix" it too.

 

[n00bie]

Is it possible to remove the virtfs directory after u-mounting the virtual chroot environment ?

I had u-mounted all the /home/virtfs resides on /proc/mounts and the file space decreased to 2.1M. I'd simply like to remove all the directory now. Is it safe?

Thank you.

 

[Al-Ra3eD.CoM]

Hello

you can remove it with this

if you type

cat /proc/mounts

you will some thing like this ..

/dev/root /home/virtfs/usershell/usr/local/IonCube ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/usr/include ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/usr/local/lib ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/var/spool ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/var/lib ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/var/cpanel ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/usr/local/cpanel/Cpanel ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/var/run ext3 rw,data=ordered,usrquota 0 0
/dev/root /home/virtfs/usershell/var/log ext3 rw,data=ordered,usrquota 0 0
/dev/sda6 /home/virtfs/usershell/tmp ext3 rw,nosuid,noexec,data=ordered 0 0
/dev/root /home/virtfs/usershell/bin ext3 rw,data=ordered,usrquota 0 0
/dev /home/virtfs/usershell/dev tmpfs rw 0 0
/proc /home/virtfs/usershell/proc proc rw 0 0
/dev/root /home/virtfs/usershell/home/usershell ext3 rw,data=ordered,usrquota 0 0

so .. to unmount and then remove it .. do this

/scripts/clear_orphaned_virtfs_mounts
for i in `cat /proc/mounts | grep /home/virtfs | cut -d ' ' -f 2 ` ; do umount $i ; done

you can see

cPanel JailShell, Unmount and Clean Virtfs | Control Panel Blog
VirtFS < AllDocumentation/WHMDocs < TWiki


Hamdi Mershed
Al-Ra3eD.CoM

 

[n00bie]

Thanks dude for your reply.

But, the question was, Is it safe to remove the virtfs directory after getting it u-mounted?