BuycPanel Blog

BuycPanel Blog

Latest news and updates

What is the VirtFS – Jailed Shell?

Posted by Allura on 19 02 2019.

VirtFS is used by cPanel and WHM to provide a jailed and shielded environment for all those users who connect to a server via SSH. This jailed shell functions as a container for all the users and does not permit them to access the home directories present on the server of other users.The additional properties of VirtFS are as follows:This jailed shell environment enhances the security for the other users using the server, quite unlike other ordinary shell environments.
Every user in a jailed shell environment can run otherwise, the commands which are usually unavailable. For instance, passwd andCentos6 and older support at most 256 jail shell users on systems that specifically use the apache mod_ruid2 module. The most significant warning to keep in mind while accessing the VirtFS is that make sure you do not make use of the rm command in order to remove any mounted file…

VirtFS is used by cPanel and WHM to provide a jailed and shielded environment for all those users who connect to a server via SSH. This jailed shell functions as a container for all the users and does not permit them to access the home directories present on the server of other users.

The additional properties of VirtFS are as follows:

  • This jailed shell environment enhances the security for the other users using the server, quite unlike other ordinary shell environments.
  • Every user in a jailed shell environment can run otherwise, the commands which are usually unavailable. For instance, passwd and

Centos6 and older support at most 256 jail shell users on systems that specifically use the apache mod_ruid2 module. The most significant warning to keep in mind while accessing the VirtFS is that make sure you do not make use of the rm command in order to remove any mounted file or directories within the /home / virtfs / directory.

When the user logs in to a jailed shell environment via SSH or SFTP for the very first time, the system automatically creates the /home/ virtfs / directory. This particular directory consists of the utilities, configuration files and the BIND mounts.

Few other things to keep in mind have been enlisted below:

  • Prevention of the creation of the aforementioned directory or disabling it is not allowed.
  • Disk space is not utilized by the directory. However, since it is a virtual mount point, certain commands such as du report that the directory might be using some space.
  • A virtual link is created between two locations on the file system by the BIND mounts. For instance, if the contents of home / virtfs / username / usr / bin / directory are viewed by the user- he can automatically see the contents of usr / bin / directory.
  • For additional information regarding the BIND mounts, one can run the man 8 mount command.

Enabling the jailed shell environment

Two options are available and provided by WHM for enabling the jailed shell environment. For enabling it for the new and modified users, it’s recommended to use the cPanel jail shell by default option present in the Tweak Settings interface of WHM. In order to enable it for a particular user, use the Manage Shell Access interface provided by WHM.