virtfs missing for some users

[sparek-3]

Should there be a /home/virtfs/%username% mount for every user? Should this stay persistent?

I'm only seeing some of my users have a /home/virtfs/%username% directory. I'm not seeing a rhyme or reason behind this either. Practically all of the users that exist in /home/virtfs don't have shell access enabled.

I really figured all users had a corresponding /home/virtfs/%username% mount. But that does not appear to be the case. Is that by design?

 

[sparek-3]

With a little bit more consistency with virtfs and with php-fpm's chroot directive, you might have a CageFS like cPanel specific solution.

 

[cPanelMichael]

Hello,

The following processes may recreate the jailed shell environment, even when shell access is disabled:

• Exim processing filters.
• Piped email addresses.
• Cron jobs.
• Jailed Apache virtual hosts that use the mod_ruid2 module via the EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell option in WHM's Tweak Settings interface (Home >> Server Configuration >> Tweak Settings).

This is mentioned on the VirtFS document.

Thank you.

 

[sparek-3]

Has any thought been put into making this a bit more consistent? I mean, is there any downside to having a /home/virtfs/%username% chroot environment for every user all the time?

I just see where you could set php-fpm's chroot directive to /home/virtfs/%username% for each user's pool and have a more closed environment for PHP script execution. But this will only work if /home/virtfs/%username% exists for each user.

This is just something I stumbled across and I thought it might make sense.

 

[cPanelMichael]

I'm not aware of any downsides, however it's not something that's currently under consideration. I encourage you to open a feature request, including the potential benefits, via:

Submit A Feature Request

Thank you.