Safely Removing virtfs on a cPanel Server

2.9/5 - (42 votes)

If you’re on a cPanel server, you’ve probably noticed a sizable folder called ‘virtfs’ sitting in /home, which would appear at first to be using a ton of space. Your first inclination might be to delete it, but don’t! Most likely, the files in that folder are actually just hard links or bind mounts and aren’t actually taking up any space. Moreso, deleting files in this folder could seriously break your server.

The virtfs folder is used by cPanel’s jailshell implementation, which is intended to help secure the user’s environment by restricting what they can see when logged into the server via SSH. On a Linux system, there are some files that need to be readable by every user on the server in order for the users to be able to do basic things such as logging in and accessing files. In environments where you might have users that are strangers to each other, such as on a shared hosting server, this exposes the presence of other users on the system, which can lead to privacy and security issues.

So, here comes jailshell to the rescue. When a user is set to use jailshell, certain files and folders are mounted into /home/virtfs for that user, then jailshell restricts that user to those mounted files. The files are created and mounted the first time a user invokes jailshell in any way, most commonly via SSH or cron job.

And THIS is why deleting those files is a bad idea: Let’s say you see something like /home/virtfs/user/user/bin/something. That file is a hard link to /usr/bin/something, so if you delete the one in virtfs, you’ll also be deleting the one in /usr/bin on the server.

There are a couple cases where you might want to delete the virtfs folder, though. For one, maybe its presence just bothers you. It happens. Second, we have seen a few cases where the files in virtfs are actually copies of the links they previously pointed to rather than being links themselves, which means it is possible for files in virtfs to occupy space. We’ve only really seen this happen in situations where the /home folder on a server was improperly migrated or copied to another location.

So, if you want to delete the virtfs folder, it can be done, but it’s a process. As always, follow these instructions at your own risk, and if you don’t understand what you’re doing, feel free to open a ticket with our team to handle this for you.

1) Disable Jailshell

Make sure none of your users are using jailshell. You can set them to the normal shell via WHM -> Manage Shell Access, or from command line:

replace /usr/local/cpanel/bin/jailshell /bin/bash — /etc/passwd

Don’t forget the crons as well:

replace /usr/local/cpanel/bin/jailshell /bin/bash — /var/spool/cron/*

service crond reload

(Note that the WordPress formatting might change the way the command looks – that is a double dash before the filename)

2) Clear the virtfs mounts

You’ll want to make sure users are logged out. Run the following command, and kill any processes that are returned:

ps aufx |grep username  |grep jailshell

Then clear the mounts:

/scripts/clear_orphaned_virtfs_mounts –clearall

You’ll want to check /proc/mount for any sign of virtfs. If you see any lines in that file, run the following command against the user(s) indicated:

for i in `grep virtfs /proc/mounts |grep $user |awk ‘{print$2}’`; do umount $i; done

(replace $user with the username, obviously)

3) Remove virtfs

If you want to remove virtfs entirely, or start off with a “clean” virtfs, I would recommend first removing the hard links, then deleting the rest. Even though the folder should be completely unmounted, there may still be hard links present, which is why I suggest this extra step.

Run this command to output all the hard links to a file:

cd /home/virtfs ; find . -type f -links +1 -printf ‘%p\n’ > link_list

This command is basically looking for any file that has more than 1 link to it. Now loop against those files to unlink them:

for file in `cat link_list` ; do echo $file ; unlink “$file” ; done

Anything remaining in the virtfs folder should now be an actual file or folder rather than a link to one, and can be safely deleted. To be on the safe side though, we recommend that you make a copy of the files before removing them from the server.

rm -rf /home/virtfs

You may need to go through and do this for each user on the server if you’re not able to delete the whole folder. It is also possible for you to get a “file or resource busy” type of error when doing this, and this is usually because some process on the system might still be accessing files in virtfs. The safest way to address this is to move virtfs out of the way, then reboot your server:

mv /home/virtfs /home/delete_virtfs

Then reboot, and delete /home/delete_virtfs. Note that usually when we do this for our clients, we’ll remove everything except the “busy” files (which are almost always the usr and var folders) and just leave the folder there. After all, at this point it isn’t doing anything or taking up space.

If you want to reinstate the virtfs folder, all you need to do is change the users’ shells back to jailshell, and the mounts will be created the next time the user logs in.

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Log in