cPanel & WHM uses VirtFS to provide a jailed shell environment for users who connect to a server via SSH. The jailed shell acts as a container for the user and does not allow the user to access other users’ home directories on the server.
Users in a jailed shell environment can run otherwise-unavailable commands (for example, crontab and passwd).
Warning:
Do not use the rm command to remove any mounted file or directory within the /home/virtfs/ directory.
If you run the rm command on any mounted file or directory within the /home/virtfs/ directory, you will also delete all of the files in the directory to which it is mounted.
This action will render your server nonfunctional.
When a user logs in to a jailed shell environment via SSH or SFTP for the first time, the system creates the /home/virtfs/cpaneluser directory. This directory contains configuration files, utilities, and BIND mounts.
Resolution:
1. First, check whether the jailed shell feature is enabled on the server.
Log in to your WHM and click Server Configuration -> Tweak Settings -> Use cPanel® jailshell by default.
- Use cPanel® jailshell by default >> ON means it's enabled.
- Use cPanel® jailshell by default >> OFF means it's disabled.
In most cases the option is in the OFF position, but the virtual directory is still present at "/home/virtfs/user".
This happens because some users have used the jailed shell environment previously.
2. Check which domains are currently using the jailed shell.
In WHM, go to Manage Shell Access and check the shell for all the users. Most users are using the normal shell, so this gives you the actual jailed users. Compare this list with the user information on the server.
Run the following command to check whether a user still has the jailed shell (replace username with the account's username):
grep username /etc/passwd
If you see something like this:
username:x:733:733::/home/username:/usr/local/cpanel/bin/jailshell
then it's still enabled. Otherwise, it'll look something like this:
username:x:505:502::/home/username:/bin/bash
OR
username:x:2137:2131::/home/username:/usr/local/cpanel/bin/noshell
3. If you find extra users that are using the jailed shell, change their shell access by running the following command:
usermod -s /bin/bash username
4. Now check whether the user has JailShell defined in their crontab:
crontab -l -u username
5. If you notice SHELL="/usr/local/cpanel/bin/jailshell" in the output, you'll need to edit the user's crontab and delete that line. To access the user's crontab while logged in as root, use:
crontab -e -u username
6. Now you are certain that the user has a new default shell and that his cron jobs won't be executed in JailShell.
Before going any further, check whether the user has been logged in the whole time and is still logged in to JailShell.
Use the following command to get details about the currently logged-in users:
w
If you find unwanted users logged in to the server through jailed access and you feel like it, you can log them out yourself. After all, everybody should bow before you, for you are root.
skill -KILL -t pts/###
Note that you will have to replace ### with the user's pts number.
7. Check whether any jailshell process is running and, if so, kill the process. If there is none, you may run the following bash one-liner to fix this issue.
Remove all users' jailed shell environments:
for i in $(awk '/virtfs/ {print $2}' /proc/mounts); do umount "$i"; done
or
Remove a single user's jailed shell environment:
To unmount the VirtFS BIND mounts, run the following command, where username is the desired account username:
umount /home/virtfs/username/usr/bin
8. You can run the /scripts/clear_orphaned_virtfs_mounts script to unmount the BIND mounts for users who no longer exist or who no longer use a jailed shell environment.
This script removes the /home/virtfs/username/ directory and its contents, where username is an affected account’s username.
To force the removal of all VirtFS mount points, run the following command:
/scripts/clear_orphaned_virtfs_mounts --clearall
Finally, to check your system for VirtFS mount points, run the following command, where username is the desired account username:
grep -i username /proc/mounts
After running the command, check the disk usage of /home/virtfs/ by running the following command:
du -sch /home/virtfs/
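The passwd check in step 2 and the /proc/mounts check at the end can be combined into one read-only audit that lists accounts which still have VirtFS mounts although their shell is no longer jailshell. This is an added example, not part of the original article or cPanel's own tooling; the function names and sample data are constructed, and it assumes mount points sit under /home/virtfs/username/ as described above.

```sh
#!/bin/sh
# Added example (not cPanel code): read-only audit of jailshell accounts against
# VirtFS mounts. Function names and the sample data are constructed for illustration.

JAILSHELL=/usr/local/cpanel/bin/jailshell   # shell path from the passwd entries above

# Accounts whose login shell (passwd field 7) is jailshell.
jailshell_users() {
    awk -F: -v sh="$JAILSHELL" '$7 == sh { print $1 }' "${1:-/etc/passwd}" | sort -u
}

# Accounts with mount points under /home/virtfs/ whose shell is not jailshell,
# or that have no passwd entry at all, printed as "user mount_count".
stale_virtfs_users() {
    awk -v sh="$JAILSHELL" '
        FNR == NR { split($0, f, ":"); if (f[7] == sh) jailed[f[1]] = 1; next }
        $2 ~ "^/home/virtfs/[^/]+" {
            split($2, p, "/")                 # p[4] is the account name
            if (!(p[4] in jailed)) stale[p[4]]++
        }
        END { for (u in stale) print u, stale[u] }
    ' "${1:-/etc/passwd}" "${2:-/proc/mounts}" | sort
}

# Write constructed sample files into directory $1 (for a dry run off-server).
make_sample() {
    cat > "$1/passwd" <<'EOF'
alice:x:733:733::/home/alice:/usr/local/cpanel/bin/jailshell
bob:x:505:502::/home/bob:/bin/bash
carol:x:2137:2131::/home/carol:/usr/local/cpanel/bin/noshell
EOF
    cat > "$1/mounts" <<'EOF'
/dev/sda1 / ext4 rw 0 0
/dev/sda1 /home/virtfs/alice/usr/bin ext4 ro 0 0
/dev/sda1 /home/virtfs/bob/usr/bin ext4 ro 0 0
/dev/sda1 /home/virtfs/bob/lib ext4 ro 0 0
/dev/sda1 /home/virtfs/dave/usr/bin ext4 ro 0 0
EOF
}

# "sh audit.sh live" checks the real files; "sh audit.sh demo" uses the sample.
case "${1:-}" in
    live) jailshell_users; stale_virtfs_users ;;
    demo) d=$(mktemp -d); make_sample "$d"
          stale_virtfs_users "$d/passwd" "$d/mounts"; rm -rf "$d" ;;
esac
```

The script only reads files and unmounts nothing; accounts it reports are the ones to review before running the cleanup commands above.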