Hacked accounts not removed. CageFS trow error
Forum
  1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and cPanel
  1. Morten
  2. Wednesday, 06 November 2019
  3.  Subscribe via email
When doing updates on the server I notice from time to time some .cagefs files that are not updated and trow errors like these:

Removed file /var/cagefs/46/username/etc/profile.d/alt_mod_passenger.sh
Removed file /var/cagefs/46/username/etc/profile.d/alt_mod_passenger.sh-5.3.7-6.el6.cloudlinux
Updating user jomonaxa ...
Removed file /var/cagefs/96/username2/etc/profile<type 'exceptions.OSError'>: [Err code 13] Permission denied: '/home/username2/.cagefs'
<type 'exceptions.OSError'>: [Err code 13] Permission denied: '/home/username3/.cagefs'
.d/alt_mod_passenger.sh

When checking these accounts, they are removed in cPanel and does not exist.
But they exist on the servers home folder:

[email protected]:/home/username# ls -la
total 88K
d--------- 5 root root 4.0K Dec 18 2018 ./
drwx--x--x. 957 root root 68K Nov 6 01:32 ../
drwxrwx--x 2 username username 4.0K Dec 4 2018 .cagefs/
drwxr-xr-x 2 username username 4.0K Dec 18 2018 .cl.selector/
drwxr-x--- 3 username nobody 4.0K Dec 3 2018 public_html/

Is there something you can do to fix these old accounts/folders? Is there a script or some notification that can be made so it's possible to cleanup these old accounts/folders?
Rate this post:
  1. 06.11.2019 01:11:38
  2. # 1
Morten Accepted Answer
Posts: 104
Joined: 16.04.2014
0
Votes
Undo
Actually I checked many accounts and many of them are not hacked. Maybee it has been a old bug or something in cPanel that did not remove them as they should.
But any tips on how to check all servers and fix those cagefs errors would be great.
  1. 06.11.2019 10:11:49
  2. # 2
Sergey Khristich Accepted Answer
Posts: 136
Joined: 20.05.2019
0
Votes
Undo
Hello Morten! Thank you for reaching out! Try to run:

cagefsctl --clean-var-cagefs

Also, check pls: user and group must be the same.
If the error repeats then сan you open a support ticket https://cloudlinux.zendesk.com/hc/en-us/requests/new so we can take a closer look at your system? You can post the ticket number here and we'll link this thread to it. Thank you.
Marketing Manager
  1. 06.11.2019 11:11:11
  2. # 3
Morten Accepted Answer
Posts: 104
Joined: 16.04.2014
0
Votes
Undo
That command will only clean .cagefs/var folders:
clean /var/cagefs directory (remove data of non-existent users)

But the user does still exist after running that command:
[email protected]:/home/username2 # ls -la
total 84K
d--------- 4 root root 4.0K Nov 6 02:01 ./
drwx--x--x. 957 root root 68K Nov 6 01:32 ../
drwxrwx--x 2 username2 username2 4.0K Jan 1 2019 .cagefs/
drwxr-xr-x 2 username2 username2 4.0K Jan 18 2019 .cl.selector/
  1. 06.11.2019 16:11:29
  2. # 4
Sergey Khristich Accepted Answer
Posts: 136
Joined: 20.05.2019
0
Votes
Undo
It also shows that you have the owner in the output in the directory /home/username (not the user but root). You need to register the correct owner. And if the account is deleted, then you need to check that the user is not in /etc/passwd
Marketing Manager
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.