Skip to main content

Excessive Disk Use

Comments

29 comments

  • andrew.n
    As it says "the email in Trash folders,"....so if you login to the email accounts and check the Trash folder you can probably free up some space. Also have a look at the default email account cos emails are usually piles up there as well.
    0
  • PCZero
    It also says "or the files that you do not have permission to access ". Zero bytes in default and trash.
    0
  • whipworks
    This has been an ongoing issue and wish there was a proper fix for users who don't have that much technical know-how to go abouts with it. User would access their CPanel account, check the Disk Usage section and see that "Other Usage" content taking up space. Check this link and see if it helps -
    0
  • cPanelLauren
    It's fairly non-standard to have a LOT of files outside of the user's homedir but owned by the user. Where are you finding most of these when running the commands to find them added in the linked thread?
    0
  • PCZero
    Resurrecting this thread. It is happening again... "Email account storage may occupy less space on the disk if you use compression or hard-link optimizations designed to save space. Email account storage does not include the metadata that the system uses to store email. "The files outside of your home directory, the metadata that the system uses to store email in the mail directory, the email in Trash folders, or the files that you do not have permission to access.
    Files in home directory. 0.10 MB
    Files in hidden subdirectories. 83.93 MB
    __sub_mobile/ 0.86 MB
    _includes/ 0.02 MB
    _templates/ 0.17 MB
    etc/ 18.89 MB
    public_ftp/ 0.00 MB
    ssl/ 0.23 MB
    var/ 0.00 MB
    Mailing Lists 2.60 MB
    Email Archives 0.00 MB * Contained in the mail directory.
    18.65 MB * Contained in the mail directory.
    Other Usage" 700.53 MB
    905.27 MB total disk space used.
    5,000.00 MB quota limit (905.27 MB used).
    I cannot figure this out to save my soul. Is there anyt8ing I can run at a command prompt to find all these 'other usage' files?
    0
  • cPRex Jurassic Moderator
    There sure is! find / -user username > output.txt
    That will scan the entire server and look for files owned by the "username" you specify, and send the output to the output.txt file. You can then look through that list for things outside of /home/username to see if there is anything out of the ordinary.
    0
  • PCZero
    When I ran that I got teh following ... [root@xxxxxxxx ~]# find / -user myuser > file.txt find: "/proc/8056/task/8056/fd/6": No such file or directory find: "/proc/8056/task/8056/fdinfo/6": No such file or directory find: "/proc/8056/fd/5": No such file or directory find: "/proc/8056/fdinfo/5": No such file or directory Then in file.txt were these lines that made no sense to me... /proc/7737 /proc/7737/task /proc/7737/task/7737 /proc/7737/task/7737/net /proc/7737/task/7737/attr /proc/7737/net /proc/7737/attr /proc/7791 /proc/7791/task /proc/7791/task/7791 /proc/7791/task/7791/net /proc/7791/task/7791/attr /proc/7791/net /proc/7791/attr As well as these (where all of these virtfs/XXX are other current, or former user accounts that have long ago been deleted and are no longer on this box). I have no idea hwy any user would have a /var/spool/cron underneath another user. /home/virtfs/sporty/var/spool/cron/myuser /home/virtfs/afdc/var/spool/cron/myuser /home/virtfs/bammy/var/spool/cron/myuser /home/virtfs/betme/var/spool/cron/myuser /home/virtfs/lickit/var/spool/cron/myuser /home/virtfs/emptyme/var/spool/cron/myuser /home/virtfs/gself2/var/spool/cron/myuser /home/virtfs/gself1/var/spool/cron/myuser /home/virtfs/rvapucks/var/spool/cron/myuser /home/virtfs/pjslack/var/spool/cron/myuser /home/virtfs/coinman/var/spool/cron/mrbill
    0
  • PCZero
    Is there a command (flag) that would list the file size / disk space used by each item in the output file from above?
    0
  • cPRex Jurassic Moderator
    The "proc" files are likely just temporary processes for that user that were happening while the scan ran. Since they come and go, it's normal to see that output. To fix the issue with VirtFS you'd want to run the command outlined here in the "The clear orphaned VirtFS mounts script"
    0
  • PCZero
    Thank you. I am still puzzled at these entries... /home/virtfs/user1/var/spool/cron/targetuser /home/virtfs/user2/var/spool/cron/targetuser /home/virtfs/user3 /var/spool/cron/targetuser Why would targetuser have anything in the user1, user2, and user3 structures?
    0
  • PCZero
    Also what are thw consequences fo doing this? To force the removal of all VirtFS mount points, run the following command, where username is an account"s username: /usr/local/cpanel/scripts/clear_orphaned_virtfs_mounts --clearall
    0
  • cPRex Jurassic Moderator
    Nothing bad will happen from running that command as that will detect users that no longer exist and clear up virtfs mounts that no longer need to be there. If the users need that again in the future, it will get recreated as part of the jailshell structure as needed. I couldn't reproduce the odd user structure for /var/spool/cron under virtfs on my test server, so we may need to check your machine directly if you wanted some more details on that.
    0
  • PCZero
    Thanks again, especially for the quick reply. As far as the commend I asked about, I may have cut/paste incorrectly. I was interested in the command that purges ALL VirtFS mount points. It appears to me that running this will clear up those odd ball items, but I am concerned as to what impact it will have on my live valid users. Lastly do you have hints as to where to start investigating where the oddball user structures came form and how to prevent them going forward.
    0
  • cPRex Jurassic Moderator
    There's not a way to permanently remove those as they would be recreated in the future. You could use the following details in a loop to remove them all at once:
    0
  • PCZero
    OK thanks. Per that page your referenced, I should go ahead and run this? /usr/local/cpanel/scripts/clear_orphaned_virtfs_mounts --clearall This would force remove ALL VirtFS mount points, then any that are valid will be recreated as needed? Apologies if I am asking the same thing repeatedly. Sometimes this is a tad confusing to me and I want to ensure I fully comprehend the process. If this is the case, I will go ahead and run that command, then watch to see what happens going forward as far as the anamolies go. I wil try to keep an eye on that and see if yhey get recretd at some point, if so tI'll ry to identify the event that is causing that to happen.
    0
  • cPRex Jurassic Moderator
    No need to apologize for asking for additional clarification - it's better to know for sure than to try and guess with command line, and that's what we're here for. That would only remove any that are detected as being orphaned, where users no longer exist so the mount point isn't necessary. There isn't an automated way to remove them all. You'd need to go into WHM and disable shell for all users, and then run this for each user you want to disable: umount /home/virtfs/username/usr/bin
    You could script that to read from a list of users if you wanted to make that semi-automated.
    0
  • PCZero
    OK thanks for the clarification. Now I am a bit confused. Here is my setup... WHM : Account Information : List accounts: All accounts use the same package (my_package) WHM : Packages : Edit a Package : my_package - Settings : Options: Shell Access NOT checked WHM : Security Center : Security Advisor - jailed Apache is enabled WHM : Tweak Settings : Security - EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel" jailshell. ON Does any of that seem abnormal or relevant to the discussion at hand? I would think that the second setting above deems that shell is already disabled for all users. My intention is to have no shell access for any users, none of my users have any need for shell. Should I also disable the EXPERAMENTAL setting (4th setting above)?
    0
  • cPRex Jurassic Moderator
    That second option where you have "Options: Shell Access NOT checked" would indicate that by default when the account gets added to that package, it wouldn't have shell access. But, it's easy to check and verify this by using the WHM >> Manage Shell Access page to confirm that wasn't altered at a later date. The Experimental option would be related, so you can disable that as well.
    0
  • PCZero
    WHM > Account Functions > Manage Shell Access - all accounts are set to Disable Shell. Flipped thw Tweak Settings Experimental setting to DISABLED and now when I run security advisor I get the following as a critical warning: Apache vhosts are not segmented or chroot()ed. Enable "mod_ruid2" in the "
    0
  • cPRex Jurassic Moderator
    What PHP handler are you using?
    0
  • PCZero
    After all of that and running /usr/local/cpanel/scripts/clear_orphaned_virtfs_mounts --clearall, all of the entries under /home/virtfs are gone
    0
  • PCZero
    What PHP handler are you using? WHM : Tweak Settings : PHP : cPanel PHP loader? ioncube
    0
  • cPRex Jurassic Moderator
    Nice! I'm guessing it saw them all as being in an "orphaned" state once you disabled all the jailed settings. That would be the internal handler for cPanel. The public PHP would be found in WHM >> MutliPHP Manager under the handler tab.
    0
  • PCZero
    PHP Version: PHP 7.3 (ea-php73) PHP handler: cgi
    0
  • cPRex Jurassic Moderator
    There we go - that's what I wanted to see. Unless you've changed from the default settings, you'd have CGI with ruid2 already in place. The Security Advisor tool is just letting you know the most optimal security settings, but I'd be surprised if you didn't have ruid2 in there already. You can check in EasyApache or on the command line with this: rpm -qa | grep ruid
    0
  • PCZero
    Looks like we are good... ea-apache24-mod_ruid2-0.9.8-19.19.18.cpanel.x86_64
    0
  • cPRex Jurassic Moderator
    Cool - so having that in place is just one aspect of the warning referenced in Security Advisor. For the ultimate solution, the private CageFS setup through CloudLinux is the way to go, but obviously at an additional cost.
    0
  • PCZero
    It would be great if the programmers who wrote the script would fix it so that it would not giev out false alarms liek this one! :)
    0
  • cPRex Jurassic Moderator
    Can you get me more detail on the "false alarms" - I'd be happy to offer clarification or see if we can get that adjusted.
    0

Please sign in to leave a comment.