CloudLinux CageFS
CageFS is a virtualized file system and a set of tools that isolate each user in its own “cage”. It is developed by CloudLinux OS, which is a Linux-based operating system designed for web hosting servers.
CageFS prevents users from seeing each other and accessing sensitive information, such as system files, tools, etc. It also protects the server from various attacks, such as privilege escalation and information disclosure.
CageFS is transparent to the users and does not require any changes to their scripts or applications. It works with various web hosting control panels, such as cPanel, Plesk, DirectAdmin, etc.
CageFS Installation
mkdir /home/cagefs-skeleton
ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton
yum install cagefs
/usr/sbin/cagefsctl --init
In cPanel WHM, go to
WHM -> Server Configuration -> Basic cPanel/WHM Setup -> Basic Config -> Additional home directories
Change the value to blank (not default “home”). Without changing this option, cPanel will create new accounts in incorrect places.
On saving, you get
Modifying “Home Directory Prefix” from “home” to “”.
Enable CageFS
/usr/sbin/cagefsctl --enable-all
Manage CageFS
/usr/sbin/cagefsctl --list-enabled
/usr/sbin/cagefsctl --list-disabled
/usr/sbin/cagefsctl --display-user-mode
Updating Software
After a php.ini or software change, run
cagefsctl --update
Or, if you have recently updated, run
cagefsctl --force-update
Allow Software in CageFS
To allow ffmpeg, mplayer, etc., create the file
vi /etc/cagefs/conf.d/vshare.cfg
Add
[vshare]
comment=vShare Youtube Clone Requirements
paths=/usr/bin/ffmpeg, /usr/bin/mencoder, /usr/bin/mplayer, /usr/bin/flvtool2, /usr/bin/lame, /usr/bin/yamdi, /usr/bin/qt-faststart
vi /etc/cagefs/conf.d/git.cfg
Add
[git]
comment=Git tools
paths=/usr/bin/git,/usr/share/git-core,/usr/bin/git-receive-pack,/usr/bin/git-upload-pack,/usr/bin/git-pull,/usr/bin/git-cvsserver,/usr/bin/git-upload-archive,/usr/bin/gitk,/usr/bin/git-shell,/usr/libexec/git-core/
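Hand-edited paths= lists like the ones above are easy to get wrong, and every entry widens what caged users can reach. The script below is an added example, not part of CageFS or of the original page: it lints a conf.d file and reports relative, repeated, missing, setuid/setgid and world-writable entries. The function name audit_cagefs_cfg, the finding labels and the sample file are this example's own.

```shell
#!/bin/sh
# Added example: lint a CageFS conf.d file before its paths are exposed to cages.
# Prints one finding per line: RELATIVE, DUPLICATE, MISSING, SETID or WRITABLE.
audit_cagefs_cfg() (
    seen="|"
    # Take every paths= value, split on commas, trim blanks, drop empty items.
    sed -n 's/^paths[[:space:]]*=[[:space:]]*//p' "$1" | tr ',' '\n' |
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -v '^$' |
    while IFS= read -r p; do
        case "$p" in
            /*) ;;
            *) echo "RELATIVE $p"; continue ;;
        esac
        key=${p%/}                       # /a/b/ and /a/b are the same entry
        case "$seen" in
            *"|$key|"*) echo "DUPLICATE $p"; continue ;;
        esac
        seen="$seen$key|"
        if [ ! -e "$p" ]; then echo "MISSING $p"; continue; fi
        # Files that run with another identity deserve a manual look.
        if [ -f "$p" ]; then
            if [ -u "$p" ] || [ -g "$p" ]; then echo "SETID $p"; fi
        fi
        # World-writable entries can be altered by any local account.
        if [ -n "$(find -L "$p" -prune -perm -0002 2>/dev/null)" ]; then
            echo "WRITABLE $p"
        fi
    done
    :
)

# Constructed sample in the style of git.cfg; /nonexistent/... is made up.
demo_cfg() {
    printf '%s\n' '[git]' 'comment=Git tools' \
      'paths=/usr/bin/git,/usr/share/git-core,/usr/bin/git, bin/gitk, /nonexistent/git-core/'
}

tmp=$(mktemp)
demo_cfg > "$tmp"
audit_cagefs_cfg "$tmp"
rm -f "$tmp"
```

Run it against each file in /etc/cagefs/conf.d/ and review every finding before updating the skeleton.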