One thing I'm trying to understand is why an email pipe would need write access to the file system:

cPanel wrote:
The virtfs system, which provides the restricted filesystem used for jailshell, has undergone a complete overhaul and now offers the following enhancements for users who have their shell set to ‘noshell’ or ‘jailshell’:
**Filesystems mounted within virtfs are now mounted nosuid.
**Most Filesystems mounted within virtfs are now mounted read-only on CentOS 6, CloudLinux 6, RHEL 6, or later.
**The mail delivery system has been updated to be aware of jailshell and now runs all piped deliveries through jailshell.
**Users of mod_ruid2 can now enable “Jailed apache” support which will chroot() each virtual host into their virtfs.
**Cron jobs are now run with jailshell.
When all of these systems are enabled, they work together to provide a significant improvement in user segmentation. This can help reduce the risk of a compromised site affecting others.
[text]
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
pipe to |/home/user/public_html/email_proc.php
generated by email@domain.com
The following text was generated during the delivery attempt:
------ pipe to |/home/user/public_html/email_proc.php
generated by email@domain.com ------
2013-12-24 10:36:27 [6] Cannot open main log file "/var/log/exim_mainlog": Read-only file system: euid=0 egid=32007
2013-12-24 10:36:27 [6] cwd=/home/user/public_html/ 5 args: /usr/sbin/sendmail -t -i -f email@domain.com
2013-12-24 10:36:27 [6] Cannot open main log file "/var/log/exim_mainlog": Read-only file system: euid=0 egid=32007
exim: could not open panic log - aborting: see message(s) above
[/text]
If I run this script via Apache and feed it input from a text file instead of getting piped from email it works fine. There is just something going on between piping the data and executing the script. Does anyone have any insight into this problem or any ideas how to bypass it?
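
A diagnostic for the situation in the post above, as an added example that is not part of the original post or cPanel's code: it finds which mount a path sits on and whether that mount is read-only and nosuid, which is how the quoted release notes say virtfs mounts filesystems for jailed deliveries. The mount table below is constructed sample data in /proc/mounts format, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from the poster's server).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 ro,nosuid,relatime 0 0
/dev/sda1 /var/log ext4 ro,nosuid,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

# mount_flags MOUNTS_FILE PATH
# Prints "<mountpoint> <ro|rw> <nosuid|suid>" for the mount that contains PATH.
mount_flags() {
    awk -v target="$2" '
    {
        mp = $2
        # A mount contains the target if it is "/", equals it, or is a directory prefix.
        if (mp == "/" || target == mp || index(target, mp "/") == 1) {
            # Longest mountpoint wins; on a tie the later entry shadows the earlier.
            if (length(mp) >= best_len) { best_len = length(mp); best = mp; opts = $4 }
        }
    }
    END {
        if (best == "") exit 1
        n = split(opts, o, ",")
        mode = "rw"; suid = "suid"
        for (i = 1; i <= n; i++) {
            if (o[i] == "ro") mode = "ro"
            if (o[i] == "nosuid") suid = "nosuid"
        }
        print best, mode, suid
    }' "$1"
}

# Check the two paths named in the bounce message against the sample table.
tmp=$(mktemp)
sample_mounts > "$tmp"
for p in /var/log/exim_mainlog /home/user/public_html/email_proc.php; do
    printf '%s -> %s\n' "$p" "$(mount_flags "$tmp" "$p")"
done
rm -f "$tmp"
```

To check a live system, pass /proc/mounts as the first argument and run it in the same context the delivery runs in, since a jailed process sees a different mount table from a normal login or an Apache request.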