virtfs question

ca2236 · Feb 12, 2019

Hello,

I have been reading through some articles on virtfs and other posts

VirtFS - Jailed Shell - Version 74 Documentation - cPanel Documentation

and

this post: Dodgy links in virtfs

I'm started to understand some, but I was reading that if a file exists in the virtfs path, it will exist in the corresponding /home/useraccount path. However this is not the case here:

We have some files that need to be deleted, but can find one of them (I haven't looked for the others) in the actual home directory.

the path is:
/home/virtfs/<useraccount>/usr/local/scripts/

I tried to rm the file before reading the articles and it just said it was bad to do, It wouldn't let me anyway and just said the path was mounted read only, so I don't think any danger happened. though if I read that first, I would not have tried it

I also tried to find the files in the user's trash folder in file manager. No luck.

can someone shed some light on this? How do I delete the files that need deleted?

Thanks

cPanelMichael · Feb 14, 2019

Hello @ca2236,

Manually removing the files from the VirtFS mount is unsupported can result in filesystem errors as you noted. If you want to clear the existing bind mounts for the account, you can follow the instructions on the link below:

VirtFS - Jailed Shell - Version 78 Documentation - cPanel Documentation

Start at the "Remove a user's jailed shell environment" section, and then proceed to the "The /scripts/clear_orphaned_virtfs_mounts script" section.

Let me know if that helps.

Thanks!

ca2236 · Feb 15, 2019

Hi @cPanelMichael

I appreciate your time in answering my question. However, I do not not want to unbind the users jailed environment or remove all files, there are four files that exist there that are not needed, they are unwanted php scripts that are bad to have on the system. I am trying to figure out why they exist there, but not if I cd to that user's home directory. I don't know how they even got there to begin with (since they are not in the users home directory/removed from the home directory) and are owned by a different user account.

I have a few follow up questions

1) is there any suggestion/explanation on how non system php files (owned by a different user even) got there without the user having ssh access since this path does not exit in the actual directory or file manager, and thus I would think FTP can't access this.

2) According to VirtFS - Jailed Shell - Version 78 Documentation - cPanel Documentation
this section:
BIND mounts create a virtual link between two locations on the file system.
For example, if a user views the contents of the /home/virtfs/username/usr/bin/ directory, the user actually sees the contents
of the /usr/bin/ directory.

Does this mean that for my path in the Original Post (/home/virtfs/<useraccount>/usr/local/scripts/) that /usr/local/scripts from the system is bound to this users virtfs directory

3) if I remove the jailed environment from this one user, will clear orphaned files affect the entire server or just that account?
I think this answers this question from the article:

The /scripts/clear_orphaned_virtfs_mounts script
You can run the /scripts/clear_orphaned_virtfs_mounts script to unmount the BIND mounts for users who no longer exist or who no longer use a jailed shell environment.

This script removes the /home/virtfs/username/ directory and its contents, where username is an affected account's username.
To force the removal of all VirtFS mount points, run the following command:

/scripts/clear_orphaned_virtfs_mounts --clearall

4) if I turn back on the jailed environment, will it create a clean slate for this user?

5) if I remove the jailed environment, does this break any functionality for the user's cpanel account or website?

6) if they FTP, do they have access to the entire system (since you are removing the jailed environment) It says it will set it to noshell, but will security permissions restrict access outside the home shell.

ca2236 · Feb 15, 2019

OK, it might seem that I found part of my answer, the files I were asking about were in the systems /usr/local/scripts folders. I removed them. Now they appear to be gone out of the virtfs user account. So, I am speculating that the bind is mounting local/scripts under virtfs for that account? However, after removing the scripts in question, the contents of /home/virtfs/<account>/usr/ was empty. So ../local/scripts are not showing up anymore.

Confusing as the contents of /home/virtfs/websales/etc is not the entire the contents of /etc/

cPanelMichael · Feb 15, 2019

Hello @ca2236,

ca2236 said:
I appreciate your time in answering my question. However, I do not not want to unbind the users jailed environment or remove all files, there are four files that exist there that are not needed, they are unwanted php scripts that are bad to have on the system.

ca2236 said:
3) if I remove the jailed environment from this one user, will clear orphaned files affect the entire server or just that account?
I think this answers this question from the article:

The /scripts/clear_orphaned_virtfs_mounts script
You can run the /scripts/clear_orphaned_virtfs_mounts script to unmount the BIND mounts for users who no longer exist or who no longer use a jailed shell environment.

This script removes the /home/virtfs/username/ directory and its contents, where username is an affected account's username.

To force the removal of all VirtFS mount points, run the following command:

/scripts/clear_orphaned_virtfs_mounts --clearall

ca2236 said:
5) if I remove the jailed environment, does this break any functionality for the user's cpanel account or website?

Keep in mind that removing the VirtFS mount using the instructions in the link I provided doesn't actually remove files from the filesystem or from the individual account. It's simply removing the virtual links, which can become orphaned over time. Once you follow the instructions from the link I provided, you can enable jailed shell access on the account again and the VirtFS directory for the account will become populated again (without the orphaned files).

ca2236 said:
2) According to VirtFS - Jailed Shell - Version 78 Documentation - cPanel Documentation
this section:
BIND mounts create a virtual link between two locations on the file system.
For example, if a user views the contents of the /home/virtfs/username/usr/bin/ directory, the user actually sees the contents
of the /usr/bin/ directory.

Does this mean that for my path in the Original Post (/home/virtfs/<useraccount>/usr/local/scripts/) that /usr/local/scripts from the system is bound to this users virtfs directory

A bind mount is a transparent link between two places on the file system. The following link is useful if you want to better understand the technical nature of how this works:

What is a bind mount?

ca2236 said:
4) if I turn back on the jailed environment, will it create a clean slate for this user?

It will create a clean jailed environment (/home/virtfs/username) for the account using the instructions in the link I provided in my previous post.

ca2236 said:
6) if they FTP, do they have access to the entire system (since you are removing the jailed environment) It says it will set it to noshell, but will security permissions restrict access outside the home shell.

No, disabling jailed shell access does not grant root filesystem access to an individual user.

ca2236 said:
1) is there any suggestion/explanation on how non system php files (owned by a different user even) got there without the user having ssh access since this path does not exit in the actual directory or file manager, and thus I would think FTP can't access this.

Can you provide a specific example of the files and paths you noticed in this account's VirtFS directory?

Thank you.

ca2236 · Feb 15, 2019

Hi @cPanelMichael

cPanelMichael said:
Can you provide a specific example of the files and paths you noticed in this account's VirtFS directory?

The path was /home/virtfs/<account>/usr/local/scripts/scrubbedname.php

but scrubbedname.php was file added by us in the /usr/local/scripts directory (the servers /usr/local/scripts)

once I saw this file, I thought I understood binding, but when I remove the files from /usr/local/scripts, the virtfs directory changed too, but local/scripts was missing from /home/virtfs/<account>/usr/

cPanelMichael · Feb 18, 2019

ca2236 said:
once I saw this file, I thought I understood binding, but when I remove the files from /usr/local/scripts, the virtfs directory changed too, but local/scripts was missing from /home/virtfs/<account>/usr/

Hello @ca2236,

It makes sense the directory itself was no longer listed in /home/virtfs/username/ if there were no files in the corresponding system directory. I've not seen any behavior that suggests a problem with the way the VirtFS directory is working on your system, but feel free to open a support ticket if you'd like us to take a closer look at your system to confirm that's the case.

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
B	Are /home/virtfs logs shared and accessible between accounts?	Security	4	Feb 11, 2023
S	virtfs folder end though shell access is disabled	Security	9	May 2, 2020
U	Dodgy links in virtfs	Security	9	Aug 27, 2018
J	infected files in virtfs	Security	1	Mar 22, 2017
S	virtfs missing for some users	Security	4	Aug 17, 2016

Search

Search

virtfs question

ca2236

Well-Known Member

cPanelMichael

Administrator

ca2236

Well-Known Member

ca2236

Well-Known Member

cPanelMichael

Administrator

ca2236

Well-Known Member

cPanelMichael

Administrator