Excessive Disk Use
One of my clients is (properly) receiving a disk space warning message. His quota is 5,000MB and when he logs into CPanel he gets the warning that he is using 4052MB. The disk usage option states that the majority of teh disk use is in "Other Usage"" (3675MB) and further states that "The files outside of your home directory, the metadata that the system uses to store email in the mail directory, the email in Trash folders, or the files that you do not have permission to access."
What exactly are these files and where exactly are they located? I would like to clean them up.
-
As it says "the email in Trash folders,"....so if you login to the email accounts and check the Trash folder you can probably free up some space. Also have a look at the default email account cos emails are usually piles up there as well. 0 -
It also says "or the files that you do not have permission to access ". Zero bytes in default and trash. 0 -
It's fairly non-standard to have a LOT of files outside of the user's homedir but owned by the user. Where are you finding most of these when running the commands to find them added in the linked thread? 0 -
Resurrecting this thread. It is happening again... "Email account storage may occupy less space on the disk if you use compression or hard-link optimizations designed to save space. Email account storage does not include the metadata that the system uses to store email. "The files outside of your home directory, the metadata that the system uses to store email in the mail directory, the email in Trash folders, or the files that you do not have permission to access. Files in home directory. 0.10 MB Files in hidden subdirectories. 83.93 MB __sub_mobile/ 0.86 MB _includes/ 0.02 MB _templates/ 0.17 MB etc/ 18.89 MB public_ftp/ 0.00 MB ssl/ 0.23 MB var/ 0.00 MB Mailing Lists 2.60 MB Email Archives 0.00 MB * Contained in the mail directory. 18.65 MB * Contained in the mail directory. Other Usage" 700.53 MB 905.27 MB total disk space used. 5,000.00 MB quota limit (905.27 MB used). 0 -
There sure is! find / -user username > output.txt
That will scan the entire server and look for files owned by the "username" you specify, and send the output to the output.txt file. You can then look through that list for things outside of /home/username to see if there is anything out of the ordinary.0 -
When I ran that I got teh following ... [root@xxxxxxxx ~]# find / -user myuser > file.txt find: "/proc/8056/task/8056/fd/6": No such file or directory find: "/proc/8056/task/8056/fdinfo/6": No such file or directory find: "/proc/8056/fd/5": No such file or directory find: "/proc/8056/fdinfo/5": No such file or directory Then in file.txt were these lines that made no sense to me... /proc/7737 /proc/7737/task /proc/7737/task/7737 /proc/7737/task/7737/net /proc/7737/task/7737/attr /proc/7737/net /proc/7737/attr /proc/7791 /proc/7791/task /proc/7791/task/7791 /proc/7791/task/7791/net /proc/7791/task/7791/attr /proc/7791/net /proc/7791/attr As well as these (where all of these virtfs/XXX are other current, or former user accounts that have long ago been deleted and are no longer on this box). I have no idea hwy any user would have a /var/spool/cron underneath another user. /home/virtfs/sporty/var/spool/cron/myuser /home/virtfs/afdc/var/spool/cron/myuser /home/virtfs/bammy/var/spool/cron/myuser /home/virtfs/betme/var/spool/cron/myuser /home/virtfs/lickit/var/spool/cron/myuser /home/virtfs/emptyme/var/spool/cron/myuser /home/virtfs/gself2/var/spool/cron/myuser /home/virtfs/gself1/var/spool/cron/myuser /home/virtfs/rvapucks/var/spool/cron/myuser /home/virtfs/pjslack/var/spool/cron/myuser /home/virtfs/coinman/var/spool/cron/mrbill 0 -
Is there a command (flag) that would list the file size / disk space used by each item in the output file from above? 0 -
Thank you. I am still puzzled at these entries... /home/virtfs/user1/var/spool/cron/targetuser /home/virtfs/user2/var/spool/cron/targetuser /home/virtfs/user3 /var/spool/cron/targetuser Why would targetuser have anything in the user1, user2, and user3 structures? 0 -
Also what are thw consequences fo doing this? To force the removal of all VirtFS mount points, run the following command, where username is an account"s username: /usr/local/cpanel/scripts/clear_orphaned_virtfs_mounts --clearall 0 -
Nothing bad will happen from running that command as that will detect users that no longer exist and clear up virtfs mounts that no longer need to be there. If the users need that again in the future, it will get recreated as part of the jailshell structure as needed. I couldn't reproduce the odd user structure for /var/spool/cron under virtfs on my test server, so we may need to check your machine directly if you wanted some more details on that. 0 -
Thanks again, especially for the quick reply. As far as the commend I asked about, I may have cut/paste incorrectly. I was interested in the command that purges ALL VirtFS mount points. It appears to me that running this will clear up those odd ball items, but I am concerned as to what impact it will have on my live valid users. Lastly do you have hints as to where to start investigating where the oddball user structures came form and how to prevent them going forward. 0 -
OK thanks. Per that page your referenced, I should go ahead and run this? /usr/local/cpanel/scripts/clear_orphaned_virtfs_mounts --clearall This would force remove ALL VirtFS mount points, then any that are valid will be recreated as needed? Apologies if I am asking the same thing repeatedly. Sometimes this is a tad confusing to me and I want to ensure I fully comprehend the process. If this is the case, I will go ahead and run that command, then watch to see what happens going forward as far as the anamolies go. I wil try to keep an eye on that and see if yhey get recretd at some point, if so tI'll ry to identify the event that is causing that to happen. 0 -
No need to apologize for asking for additional clarification - it's better to know for sure than to try and guess with command line, and that's what we're here for. That would only remove any that are detected as being orphaned, where users no longer exist so the mount point isn't necessary. There isn't an automated way to remove them all. You'd need to go into WHM and disable shell for all users, and then run this for each user you want to disable: umount /home/virtfs/username/usr/bin
You could script that to read from a list of users if you wanted to make that semi-automated.0 -
OK thanks for the clarification. Now I am a bit confused. Here is my setup... WHM : Account Information : List accounts: All accounts use the same package (my_package) WHM : Packages : Edit a Package : my_package - Settings : Options: Shell Access NOT checked WHM : Security Center : Security Advisor - jailed Apache is enabled WHM : Tweak Settings : Security - EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel" jailshell. ON Does any of that seem abnormal or relevant to the discussion at hand? I would think that the second setting above deems that shell is already disabled for all users. My intention is to have no shell access for any users, none of my users have any need for shell. Should I also disable the EXPERAMENTAL setting (4th setting above)? 0 -
That second option where you have "Options: Shell Access NOT checked" would indicate that by default when the account gets added to that package, it wouldn't have shell access. But, it's easy to check and verify this by using the WHM >> Manage Shell Access page to confirm that wasn't altered at a later date. The Experimental option would be related, so you can disable that as well. 0 -
WHM > Account Functions > Manage Shell Access - all accounts are set to Disable Shell. Flipped thw Tweak Settings Experimental setting to DISABLED and now when I run security advisor I get the following as a critical warning: Apache vhosts are not segmented or chroot()ed. Enable "mod_ruid2" in the " 0 -
What PHP handler are you using? 0 -
After all of that and running /usr/local/cpanel/scripts/clear_orphaned_virtfs_mounts --clearall, all of the entries under /home/virtfs are gone 0 -
What PHP handler are you using? WHM : Tweak Settings : PHP : cPanel PHP loader? ioncube 0 -
Nice! I'm guessing it saw them all as being in an "orphaned" state once you disabled all the jailed settings. That would be the internal handler for cPanel. The public PHP would be found in WHM >> MutliPHP Manager under the handler tab. 0 -
PHP Version: PHP 7.3 (ea-php73) PHP handler: cgi 0 -
There we go - that's what I wanted to see. Unless you've changed from the default settings, you'd have CGI with ruid2 already in place. The Security Advisor tool is just letting you know the most optimal security settings, but I'd be surprised if you didn't have ruid2 in there already. You can check in EasyApache or on the command line with this: rpm -qa | grep ruid
0 -
Looks like we are good... ea-apache24-mod_ruid2-0.9.8-19.19.18.cpanel.x86_64 0 -
Cool - so having that in place is just one aspect of the warning referenced in Security Advisor. For the ultimate solution, the private CageFS setup through CloudLinux is the way to go, but obviously at an additional cost. 0 -
It would be great if the programmers who wrote the script would fix it so that it would not giev out false alarms liek this one! :) 0 -
Can you get me more detail on the "false alarms" - I'd be happy to offer clarification or see if we can get that adjusted. 0
Please sign in to leave a comment.
Comments
29 comments