virtfs question

Discussion in 'Security' started by ca2236, Feb 12, 2019.

  1. ca2236

    ca2236 Well-Known Member

    Joined:
    Feb 2, 2018
    Messages:
    96
    Likes Received:
    12
    Trophy Points:
    8
    Location:
    Nebraska
    cPanel Access Level:
    DataCenter Provider
    Hello,

    I have been reading through some articles on virtfs and other posts

    VirtFS - Jailed Shell - Version 74 Documentation - cPanel Documentation

    and

    this post: Dodgy links in virtfs


    I'm starting to understand some, but I was reading that if a file exists in the virtfs path, it will exist in the corresponding /home/useraccount path. However, this is not the case here:

    We have some files that need to be deleted, but can find one of them (I haven't looked for the others) in the actual home directory.

    The path is:
    /home/virtfs/<useraccount>/usr/local/scripts/


    I tried to rm the file before reading the articles and it just said it was bad to do. It wouldn't let me anyway and just said the path was mounted read-only, so I don't think any danger happened. Though if I had read that first, I would not have tried it :)

    I also tried to find the files in the user's trash folder in file manager. No luck.

    Can someone shed some light on this? How do I delete the files that need deleted?

    Thanks
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,555
    Likes Received:
    2,182
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @ca2236,

    Manually removing the files from the VirtFS mount is unsupported and can result in filesystem errors, as you noted. If you want to clear the existing bind mounts for the account, you can follow the instructions on the link below:

    VirtFS - Jailed Shell - Version 78 Documentation - cPanel Documentation

    Start at the "Remove a user's jailed shell environment" section, and then proceed to the "The /scripts/clear_orphaned_virtfs_mounts script" section.

    Let me know if that helps.

    Thanks!
     
  3. ca2236

    Hi @cPanelMichael

    I appreciate your time in answering my question. However, I do not want to unbind the user's jailed environment or remove all files. There are four files that exist there that are not needed; they are unwanted PHP scripts that are bad to have on the system. I am trying to figure out why they exist there, but not if I cd to that user's home directory. I don't know how they even got there to begin with (since they are not in the user's home directory/removed from the home directory) and are owned by a different user account.

    I have a few follow up questions

    1) Is there any suggestion/explanation on how non-system PHP files (owned by a different user even) got there without the user having SSH access, since this path does not exist in the actual directory or file manager, and thus I would think FTP can't access this?

    2) According to VirtFS - Jailed Shell - Version 78 Documentation - cPanel Documentation
    this section:
    BIND mounts create a virtual link between two locations on the file system.
    For example, if a user views the contents of the /home/virtfs/username/usr/bin/ directory, the user actually sees the contents
    of the /usr/bin/ directory.


    Does this mean that for my path in the original post (/home/virtfs/<useraccount>/usr/local/scripts/), /usr/local/scripts from the system is bound to this user's virtfs directory?

    3) If I remove the jailed environment from this one user, will clear orphaned files affect the entire server or just that account?
    I think this answers this question from the article:

    The /scripts/clear_orphaned_virtfs_mounts script
    You can run the /scripts/clear_orphaned_virtfs_mounts script to unmount the BIND mounts for users who no longer exist or who no longer use a jailed shell environment.

    • This script removes the /home/virtfs/username/ directory and its contents, where username is an affected account's username.
    • To force the removal of all VirtFS mount points, run the following command:

      /scripts/clear_orphaned_virtfs_mounts --clearall

    4) If I turn back on the jailed environment, will it create a clean slate for this user?

    5) If I remove the jailed environment, does this break any functionality for the user's cPanel account or website?

    6) If they FTP, do they have access to the entire system (since you are removing the jailed environment)? It says it will set it to noshell, but will security permissions restrict access outside the home shell?
     
  4. ca2236

    OK, it might seem that I found part of my answer: the files I was asking about were in the system's /usr/local/scripts folders. I removed them. Now they appear to be gone out of the virtfs user account. So, I am speculating that the bind is mounting local/scripts under virtfs for that account? However, after removing the scripts in question, the contents of /home/virtfs/<account>/usr/ was empty. So ../local/scripts are not showing up anymore.

    Confusing, as the contents of /home/virtfs/websales/etc is not the entire contents of /etc/
     
  5. cPanelMichael

    Hello @ca2236,

    Keep in mind that removing the VirtFS mount using the instructions in the link I provided doesn't actually remove files from the filesystem or from the individual account. It's simply removing the virtual links, which can become orphaned over time. Once you follow the instructions from the link I provided, you can enable jailed shell access on the account again and the VirtFS directory for the account will become populated again (without the orphaned files).

    A bind mount is a transparent link between two places on the file system. The following link is useful if you want to better understand the technical nature of how this works:

    What is a bind mount?

    It will create a clean jailed environment (/home/virtfs/username) for the account using the instructions in the link I provided in my previous post.

    No, disabling jailed shell access does not grant root filesystem access to an individual user.

    Can you provide a specific example of the files and paths you noticed in this account's VirtFS directory?

    Thank you.
     
  6. ca2236

    Hi @cPanelMichael

    The path was /home/virtfs/<account>/usr/local/scripts/scrubbedname.php

    but scrubbedname.php was a file added by us in the /usr/local/scripts directory (the server's /usr/local/scripts).

    Once I saw this file, I thought I understood binding, but when I removed the files from /usr/local/scripts, the virtfs directory changed too, but local/scripts was missing from /home/virtfs/<account>/usr/
     
  7. cPanelMichael

    Hello @ca2236,

    It makes sense the directory itself was no longer listed in /home/virtfs/username/ if there were no files in the corresponding system directory. I've not seen any behavior that suggests a problem with the way the VirtFS directory is working on your system, but feel free to open a support ticket if you'd like us to take a closer look at your system to confirm that's the case.

    Thank you.
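
The bind-mount behaviour discussed in this thread can be checked from the kernel's mount table. The following is an added example, not part of the original posts or of cPanel's tooling: it parses /proc/self/mountinfo-style lines and maps a path seen under /home/virtfs/ back to the system path it really refers to. The "alice" account and the sample mount lines are constructed, and the code assumes the backing filesystem is also mounted somewhere with its own root ("/") visible.

```python
import os
import re

# Constructed /proc/self/mountinfo sample (not from the thread): the root
# filesystem plus two bind mounts into a hypothetical "alice" VirtFS jail.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
95 22 8:1 /usr/bin /home/virtfs/alice/usr/bin ro,nosuid,relatime shared:1 - ext4 /dev/sda1 rw
96 22 8:1 /usr/local/scripts /home/virtfs/alice/usr/local/scripts ro,nosuid,relatime shared:1 - ext4 /dev/sda1 rw
"""

def unescape(field):
    # mountinfo writes space, tab, newline and backslash as \NNN octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, _, _right = line.partition(" - ")  # optional fields end at " - "
        f = left.split()
        mounts.append({"dev": f[2], "root": unescape(f[3]),
                       "mountpoint": unescape(f[4]),
                       "readonly": "ro" in f[5].split(",")})
    return mounts

def under(path, base):
    return path == base or path.startswith(base.rstrip("/") + "/")

def resolve_backing_path(path, mounts):
    """Return (backing_path, mount) for a path seen through a bind mount."""
    path = os.path.normpath(path)
    covering = [m for m in mounts if under(path, m["mountpoint"])]
    if not covering:
        return None, None
    mount = max(covering, key=lambda m: len(m["mountpoint"]))  # innermost mount
    # Find where the same device is mounted with its whole tree visible.
    base = next((m["mountpoint"] for m in mounts
                 if m["dev"] == mount["dev"] and m["root"] == "/"), None)
    if base is None:
        return None, mount
    rel = os.path.relpath(path, mount["mountpoint"])
    parts = [base, mount["root"].lstrip("/")] + ([] if rel == "." else [rel])
    return os.path.normpath(os.path.join(*parts)), mount

if __name__ == "__main__":
    seen = "/home/virtfs/alice/usr/local/scripts/example.php"  # constructed path
    real, mount = resolve_backing_path(seen, parse_mountinfo(SAMPLE_MOUNTINFO))
    print(seen, "->", real, "(read-only)" if mount["readonly"] else "(read-write)")
```

On a live server, pass the contents of /proc/self/mountinfo instead of the sample; an unwanted file seen under the VirtFS tree is then removed at the resolved system path, not through the read-only jail mount.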
     