CloudLinux CageFS

CageFS is a virtualized file system and a set of tools that isolate each user in its own “cage”. It is developed by CloudLinux OS, which is a Linux-based operating system designed for web hosting servers.

CageFS prevents users from seeing each other and accessing sensitive information, such as system files, tools, etc. It also protects the server from various attacks, such as privilege escalation and information disclosure.

CageFS is transparent to the users and does not require any changes to their scripts or applications. It works with various web hosting control panels, such as cPanel, Plesk, DirectAdmin, etc.

CageFS Installation

mkdir /home/cagefs-skeleton
ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton
yum install cagefs
/usr/sbin/cagefsctl --init

Go to

WHM -> Server Configuration -> Basic cPanel/WHM Setup -> Basic Config -> Additional home directories

Change the value to blank (not default “home”). Without changing this option, cPanel will create new accounts in incorrect places.

On saving, you get

Modifying “Home Directory Prefix” from “home” to “”.

Enable CageFS

/usr/sbin/cagefsctl --enable-all

Manage CageFS

/usr/sbin/cagefsctl --list-enabled
/usr/sbin/cagefsctl --list-disabled
/usr/sbin/cagefsctl --display-user-mode

Updating Software

After changing php.ini or installing or updating software, run

cagefsctl --update

Or if you have recently updated, run

cagefsctl --force-update

Allow Software in CageFS

To allow ffmpeg, mplayer, etc., create a file

vi /etc/cagefs/conf.d/vshare.cfg

Add

[vshare]
comment=vShare Youtube Clone Requirements
paths=/usr/bin/ffmpeg, /usr/bin/mencoder, /usr/bin/mplayer, /usr/bin/flvtool2, /usr/bin/lame, /usr/bin/yamdi, /usr/bin/qt-faststart

To allow git, create a file

vi /etc/cagefs/conf.d/git.cfg

Add

[git]
comment=Git tools
paths=/usr/bin/git,/usr/share/git-core,/usr/bin/git-receive-pack,/usr/bin/git-upload-pack,/usr/bin/git-pull,/usr/bin/git-cvsserver,/usr/bin/git-upload-archive,/usr/bin/gitk,/usr/bin/git-shell,/usr/libexec/git-core/
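
Paths listed in these files are exposed inside the users' cages, so it helps to check a file before running the update commands above. The script below is an added example, not part of the original post or of CloudLinux tooling; the function name check_cagefs_cfg and the MISSING / DUPLICATE / SETID labels are assumptions made here.

```sh
#!/bin/sh
# Added example: lint a CageFS conf.d file before updating the skeleton.
# check_cagefs_cfg and its finding labels are names made up for this sketch.

# Prints one finding per line and returns non-zero if there are any:
#   MISSING   path does not exist on the host (typo or package not installed)
#   DUPLICATE path is listed more than once
#   SETID     regular file carries the setuid or setgid bit
check_cagefs_cfg() (
    cfg=$1
    findings=0
    seen=","
    # Value of the first paths= line in the file.
    list=$(sed -n 's/^[[:space:]]*paths[[:space:]]*=//p' "$cfg" | head -n 1)
    IFS=','   # split on commas; the subshell body keeps this change local
    set -f    # do not glob-expand entries while splitting
    for p in $list; do
        # Trim the spaces that may follow each comma.
        p=$(printf '%s' "$p" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$p" ] || continue
        case "$seen" in
            *",$p,"*) echo "DUPLICATE $p"; findings=1; continue ;;
        esac
        seen="$seen$p,"
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; findings=1
        elif [ -f "$p" ] && { [ -u "$p" ] || [ -g "$p" ]; }; then
            echo "SETID $p"; findings=1
        fi
    done
    [ "$findings" -eq 0 ]
)

# Usage: sh check.sh /etc/cagefs/conf.d/git.cfg
if [ "$#" -gt 0 ]; then
    check_cagefs_cfg "$1"
fi
```

A SETID finding is a prompt to review whether that binary really needs to be reachable by caged users, not an error in the file format.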

See cloudlinux
