Jailshell virtfs

NEVER DELETE ANY FILES FROM /home/virtfs/

/home/virtfs is used to chroot the user into the jailed shell. cPanel mounts the directories the user needs when they enter jailshell. Because these are mounts of the real system directories, the files share the same inodes, so deleting files or directories under virtfs deletes the actual data.

Eg:

When a user named "cpuser" enters the jailshell, cPanel performs the following mounts.

root@server [~]# cat /proc/mounts  | grep virtfs| grep henry
/dev/root /home/virtfs/cpuser/lib ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/opt ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/lib64 ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/lib ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/lib64 ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/sbin ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/share ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/bin ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/man ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/X11R6 ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/kerberos ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/libexec ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/local/bin ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/local/share ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/local/Zend ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/local/IonCube ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/include ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/local/lib ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/var/spool ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/var/lib ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/var/cpanel ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/usr/local/cpanel/Cpanel ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/var/run ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/root /home/virtfs/cpuser/var/log ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev/loop0 /home/virtfs/cpuser/tmp ext3 rw,seclabel,nosuid,noexec,relatime,errors=continue,data=writeback 0 0
/dev/root /home/virtfs/cpuser/bin ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0
/dev /home/virtfs/cpuser/dev tmpfs rw,seclabel,relatime,mode=755 0 0
/proc /home/virtfs/cpuser/proc proc rw,relatime 0 0
/dev/root /home/virtfs/cpuser/home/cpuser ext3 rw,seclabel,relatime,errors=continue,user_xattr,acl,data=writeback,usrquota 0 0

Now create a file:

root@erver [~]# touch /lib64/testhenry

Check the inode of the file in both paths; they are the same.

root@hawk [~]# ls -li /home/virtfs/cpuser/lib64 | grep henry

3867023 -rw-r--r--  1 root root       0 Feb  4 00:34 testhenry

root@server [~]# ls -li /lib64/ | grep henry

3867023 -rw-r--r--  1 root root       0 Feb  4 00:34 testhenry

When the user logs out, these mounts are in most cases not unmounted. In that case, we can unmount them as follows.

for i in $(grep virtfs /proc/mounts | awk '{print $2}'); do echo "Unmounting $i"; umount "$i"; done

* IMPORTANT!!!!

During an account or server transfer or an HDD copy, make sure all virtfs mounts are unmounted during the /home rsync, because otherwise the virtfs files are copied over to the new server as well. This causes the root-level directories such as /lib64, /usr/lib64, /usr/lib etc. to be copied multiple times: for every virtfs mount present, each time rsync copies a /home/virtfs/username folder the corresponding / directories are copied again. This adds a large overhead to the server transfer. So always unmount the virtfs folders before you rsync /home. A good option is to run rsync as follows, which makes sure it skips /home/virtfs.

rsync -vrplogDtH --exclude 'virtfs'
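The two procedures above (unmounting leftover virtfs mounts, and confirming that nothing is still mounted under /home/virtfs before an rsync of /home or any cleanup there) as an added example; this is not code from the original post or from cPanel. It reads /proc/mounts-format text, orders the mount points deepest first so a nested mount is released before its parent, and only prints the unmount plan unless DRY_RUN=0 is set. SAMPLE_MOUNTS is a constructed listing and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post or from cPanel): find cPanel
# virtfs mount points in /proc/mounts-style text, check that none remain
# before touching /home, and unmount them deepest-first (dry-run by default).

# Constructed sample listing; a real /proc/mounts carries more mount options.
SAMPLE_MOUNTS='/dev/root / ext3 rw,relatime 0 0
/dev/root /home/virtfs/cpuser/lib64 ext3 rw,relatime 0 0
/dev/root /home/virtfs/cpuser/usr ext3 rw,relatime 0 0
/dev/root /home/virtfs/cpuser/usr/lib ext3 rw,relatime 0 0
/proc /home/virtfs/cpuser/proc proc rw,relatime 0 0
/dev/root /home/virtfs/other/home/other ext3 rw,relatime 0 0
/dev/root /home/cpuser ext3 rw,relatime 0 0'

# virtfs_mounts: read /proc/mounts-format lines on stdin and print only the
# mount points under /home/virtfs/, deepest first, so that a mount nested in
# another (e.g. .../usr/lib inside .../usr) is unmounted before its parent.
virtfs_mounts() {
    awk '$2 ~ "^/home/virtfs/" { n = split($2, p, "/"); print n, $2 }' \
        | sort -k1,1nr -k2,2 \
        | awk '{ print $2 }'
}

# virtfs_mount_count: number of virtfs mount points in the listing on stdin.
virtfs_mount_count() {
    virtfs_mounts | wc -l | tr -d ' '
}

# virtfs_clear: succeed only if no virtfs mounts remain. Gate the /home rsync
# and any removal under /home/virtfs on this: while mounted, those paths
# share inodes with the real system directories.
virtfs_clear() {
    [ "$(virtfs_mount_count)" -eq 0 ]
}

# unmount_virtfs: unmount every virtfs mount point listed on stdin, deepest
# first. Prints the plan only, unless DRY_RUN=0 is set in the environment.
unmount_virtfs() {
    virtfs_mounts | while read -r mp; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would unmount $mp"
        else
            umount "$mp" || echo "failed to unmount $mp" >&2
        fi
    done
}

# Stand-alone demo on the constructed sample: show the unmount plan.
printf '%s\n' "$SAMPLE_MOUNTS" | unmount_virtfs

# On a live server (as root), before the /home rsync:
#   virtfs_clear </proc/mounts || { DRY_RUN=0; unmount_virtfs </proc/mounts; }
```

The depth ordering matters because /proc/mounts lists mounts in the order they were made, not in an order that is safe to tear down; sorting by the number of path components makes the loop unmount the innermost mount first. The `--exclude 'virtfs'` in the rsync line above is still worth keeping as a second line of defence, since it matches any path component named virtfs even if a mount was missed.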
