cPanel & WHM uses VirtFS to provide a jailed shell environment for users who connect to a server via SSH. The jailed shell acts as a container for the user and prevents the user from accessing other users’ home directories on the server.
On systems that use the Apache_ruid2 module, CentOS 6 and older support a maximum of 256 jailed shell users.
Do not use the rm command to remove any mounted file within the /home/virtfs/ directory. Running rm on a mounted file within it also deletes all the files in the directory to which it is mounted. This will render the server nonfunctional.
The first time a user logs in to a jailed shell environment via SSH or SFTP, the system creates the /home/virtfs/ directory. It contains configuration files, utilities, and bind mounts.
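A pre-cleanup check for the rm warning above, as an added example (not cPanel's own code): it reads the mount table and refuses when anything is still mounted under a user's /home/virtfs/ tree. The function names, the VIRTFS_ROOT variable and the optional mount-table argument are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: list active mounts under a user's VirtFS tree before cleanup.
# VIRTFS_ROOT matches the /home/virtfs/ path named in the text; the function
# names and the optional mount-table argument are hypothetical.

VIRTFS_ROOT="${VIRTFS_ROOT:-/home/virtfs}"

# Print every mount point at or below $VIRTFS_ROOT/<user>.
# $2 is the mount table to read (defaults to the live /proc/mounts).
virtfs_mounts() {
    local user="$1" table="${2:-/proc/mounts}"
    local prefix="$VIRTFS_ROOT/$user"
    # Field 2 of each line is the mount point. Match the directory itself or
    # anything beneath it, so "alice" never matches "alice2".
    awk -v p="$prefix" '$2 == p || index($2, p "/") == 1 { print $2 }' "$table"
}

# Return 0 only when nothing is mounted under the user's VirtFS tree.
# Return 1 and list the mounts when a recursive delete would reach through
# a bind mount into the real system directories.
virtfs_safe_to_remove() {
    local user="$1" table="${2:-/proc/mounts}" found
    # Reject empty names and path tricks before building a path from the name.
    case "$user" in
        ''|*/*|.|..) echo "invalid user name: '$user'" >&2; return 2 ;;
    esac
    found="$(virtfs_mounts "$user" "$table")"
    if [ -n "$found" ]; then
        echo "REFUSE: active mounts under $VIRTFS_ROOT/$user:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}
```

Run `virtfs_safe_to_remove <user>` as root before touching a stale tree; a non-zero exit means the mounts listed on stderr must be unmounted first.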
WHM includes two options to activate a jailed shell environment. Which option to use depends on the type of users for whom one wants to enable jailed shells.
To enable a jailed shell environment for all new and modified users, use the Use cPanel® jailshell by default option in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).
To enable a jailed shell environment for a specific user, use WHM’s Manage Shell Access interface (WHM >> Home >> Account Functions >> Manage Shell Access). When the jailed shell is enabled for a user, the system sets the user’s shell to the /usr/local/cpanel/bin/jailshell location.
Exim runs any process from alias or filter files inside VirtFS when a user’s shell location is /usr/local/cpanel/bin/jailshell (jailed shell is enabled) or /usr/local/cpanel/bin/noshell (all shells are disabled). This gives extra security because Exim commands run in a jailed shell and have no effect on other users.
A utility that monitors system changes, such as CSF or LFD, may raise an alert resembling the following example after an upgrade:
The following list of files has FAILED the md5sum comparison test. This means that the file has been changed in some way.
This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
However, this is a false positive warning. cPanel & WHM uses the /bin/crontab and /bin/passwd symlinks to link to the files in the /usr/bin directory. These symlinks allow jailed shell environments to access the crontab and passwd commands.
All information on the jailed shell environment is outlined in this review.