CloudLinux CageFS

CageFS is a virtualized file system and a set of tools that isolate each user in its own “cage”. It is developed by CloudLinux OS, which is a Linux-based operating system designed for web hosting servers.

CageFS prevents users from seeing each other and accessing sensitive information, such as system files, tools, etc. It also protects the server from various attacks, such as privilege escalation and information disclosure.

CageFS is transparent to the users and does not require any changes to their scripts or applications. It works with various web hosting control panels, such as cPanel, Plesk, DirectAdmin, etc.

CageFS Installation

mkdir /home/cagefs-skeleton
ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton
yum install cagefs
/usr/sbin/cagefsctl --init

mkdir /home/cagefs-skeleton

ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton

yum install cagefs

/usr/sbin/cagefsctl --init

Go to

cPanel WHM WHM -> Server Configuration -> Basic cPanel/WHM Setup -> Basic Config -> Additional home directories

1	cPanel WHM WHM -> Server Configuration -> Basic cPanel/WHM Setup -> Basic Config -> Additional home directories

Change the value to blank (not default “home”). Without changing this option, cPanel will create new accounts in incorrect places.

On saving, you get

Modifying “Home Directory Prefix” from “home” to “”.

1	Modifying “Home Directory Prefix” from “home” to “”.

Enable CageFS

/usr/sbin/cagefsctl --enable-all

1	/usr/sbin/cagefsctl --enable-all

Manage CageFS

/usr/sbin/cagefsctl --list-enabled
/usr/sbin/cagefsctl --list-disabled
/usr/sbin/cagefsctl --display-user-mode

/usr/sbin/cagefsctl --list-enabled

/usr/sbin/cagefsctl --list-disabled

/usr/sbin/cagefsctl --display-user-mode

Updating Software

After php.ini or software change, run

cagefsctl --update

1	cagefsctl --update

Or if you have recently updated, run

cagefsctl --force-update

1	cagefsctl --force-update

Allow Software in CageFS

To allow ffmpeg, mplayer, etc.. create file

vi /etc/cagefs/conf.d/vshare.cfg

1	vi /etc/cagefs/conf.d/vshare.cfg

Add

[vshare]
comment=vShare Youtube Clone Requirements
paths=/usr/bin/ffmpeg, /usr/bin/mencoder, /usr/bin/mplayer, /usr/bin/flvtool2, /usr/bin/lame, /usr/bin/yamdi, /usr/bin/qt-faststart

[vshare]

comment=vShare Youtube Clone Requirements

paths=/usr/bin/ffmpeg, /usr/bin/mencoder, /usr/bin/mplayer, /usr/bin/flvtool2, /usr/bin/lame, /usr/bin/yamdi, /usr/bin/qt-faststart

vi /etc/cagefs/conf.d/git.cfg

1	vi /etc/cagefs/conf.d/git.cfg

Add

[git] 
comment=Git tools 
paths=/usr/bin/git,/usr/share/git-core,/usr/bin/git-receive-pack,/usr/bin/git-upload-pack,/usr/bin/git-pull,/usr/bin/git,/usr/bin/git-cvsserver,/usr/bin/git-upload-archive,/usr/bin/gitk,/usr/bin/git-shell, /usr/libexec/git-core/

[git]

comment=Git tools

paths=/usr/bin/git,/usr/share/git-core,/usr/bin/git-receive-pack,/usr/bin/git-upload-pack,/usr/bin/git-pull,/usr/bin/git,/usr/bin/git-cvsserver,/usr/bin/git-upload-archive,/usr/bin/gitk,/usr/bin/git-shell, /usr/libexec/git-core/

See cloudlinux

Leave a Reply Cancel reply