Bobcares
Client Area
Emergency Support
Apache | cPanel | FTP | Latest | Server Management

VirtFS Jailed Shell

by | Mar 22, 2022

Wondering how to use VirtFS Jailed Shell? We can help you.

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team assist with this query.

How to use VirtFS Jailed Shell?

cPanel & WHM uses VirtFS to provide a jailed shell environment for users who connect to a server via SSH.

The jailed shell acts as a container for the user, and does not allow the user to access other users’ home directories on the server.

The virtfs directory

When a user logs in to a jailed shell environment via SSH or SFTP for the first time, the system creates the /home/virtfs/ directory.

This directory contains configuration files, utilities, and BIND mounts.

  • You cannot prevent the creation of this directory or disable it.
  • This directory does not use any disk space. However, because it is a virtual mount point, some commands (for example, du) report that the directory uses disk space.
  • BIND mounts create a virtual link between two locations on the file system.
Warning: Do not use the rm command to remove any mounted file or directory within the /home/virtfs/ directory.

If you run this on any mounted file or directory within the /home/virtfs/ directory, you will also delete all of the files in the directory to which it is mounted.

This action will render your server nonfunctional.

Enable a jailed shell environment

WHM includes two options to activate a jailed shell environment.

The option that you use depends on the type of users for whom you wish to enable jailed shells.

To enable a jailed shell environment for all new and modified users, use the Use cPanel jailshell by default option in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).

  • This option allows you to force the use of a jailed shell for new accounts and accounts that you subsequently edit in the following interfaces:
    • WHM’s Modify an Account interface (WHM >> Home >> Account Functions >> Modify An Account).
    • WHM’s Upgrade/Downgrade an Account interface (WHM >> Home >> Account Functions >> Upgrade/Downgrade An Account).
  • Then, this option does not affect accounts that already exist on the server but that you have not edited in these interfaces.

To enable a jailed shell environment for a specific user, use WHM’s Manage Shell Access interface (WHM >> Home >> Account Functions >> Manage Shell Access).

Kindly note, when you enable jailed shell access for a user, the system sets the user’s shell to the /usr/local/cpanel/bin/jailshell location.
 
 
 
 

Exim and VirtFS

When a user’s shell location is /usr/local/cpanel/bin/jailshell or /usr/local/cpanel/bin/noshell, Exim runs any process from alias or filter files inside VirtFS.

This action provides extra security because Exim commands run in a jailed shell and do not affect other users.

CSF or LFD alerts

If you use a utility that monitors system changes, you may see an alert that resembles the following example after you upgrade:

1
2
3
4
5

The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way.
This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:

/bin/crontab: FAILED
/bin/passwd: FAILED

This is a false positive warning. cPanel & WHM uses the /bin/crontab and /bin/passwd symlinks to link to files in the /usr/bin directory.

These symlinks allow jailed shell environments to access the crontab and passwd commands.

Disable or remove a jailed shell environment

You cannot completely remove the jailed shell system (VirtFS).

The directions below remove a jailed shell environment, but cannot prevent the recreation of the jailed shell environment.

The following processes may recreate the jailed shell environment:

  • Exim processing filters.
  • Piped email addresses.
  • Cron jobs.
  • Jailed Apache virtual hosts that use the mod_ruid2 module via the EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel jailshell option in WHM’s Tweak Settings interface.

Today, let us see the steps followed by our Support Techs to disable the jailed shell environment for all of the users on your server:

  1. Firstly, disable the Use cPanel jailshell by default option in WHM’s Tweak Settings interface.
  2. Then, select Disabled Shell for all of the server’s accounts in WHM’s Manage Shell Access interface.
Remove a user’s jailed shell environment

To remove a jailed shell environment, perform the following steps:

  1. Firstly, disable the jailed shell environment for the user in WHM’s Manage Shell Access interface.
  2. Then, to unmount the VirtFS BIND mounts, run the following command, where username is the desired account username: 
    umount /home/virtfs/username/usr/bin

The clear orphaned VirtFS mounts script

You can run the /usr/local/cpanel/scripts/clear_orphaned_virtfs_mounts script to unmount the BIND mounts for users who no longer exist or who no longer use a jailed shell environment.

This script removes the /home/virtfs/username/ directory and its contents.

To force the removal of all VirtFS mount points, run the following command, where username is an account’s username:

/usr/local/cpanel/scripts/clear_orphaned_virtfs_mounts --clearall

To check your system for VirtFS mount points, run the following command, where username is the desired account username:

grep -i username /proc/mounts

[Looking for a solution to another query? We are just a click away.]

 

Conclusion

To sum up, our skilled Support Engineers at Bobcares demonstrated how to use VirtFS Jailed Shell.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

Related posts:

  1. Invalid cPanel License Error – How to fix it easy & quick
  2. cPanel queue mail for delivery – How to manage
  3. How to configure MyDNS-NG
  4. How to Use cPanel’s PowerDNS

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

GET UP TO 25% OFF

cPanel Support

Spend time on your business, not on your servers.

Managing a server is time consuming. Whether you are an expert or a newbie, that is time you could use to focus on your product or service. Leave your server management & end-user tech support to us, and use that time to focus on the growth and success of your business.

TALK TO US Or click here to learn more.

Related Articles

  1. Invalid cPanel License Error – How to fix it easy & quick
  2. cPanel queue mail for delivery – How to manage
  3. How to configure MyDNS-NG
  4. How to Use cPanel’s PowerDNS

Never again lose customers to poor
server speed! Let us help you.

GET STARTED