CageFS is a virtualized file system and a set of tools to contain each user in its own 'cage'. Each customer will have its own fully functional CageFS, with all the system files, tools, etc...
The benefits of CageFS are:
• Only safe binaries are available to user
• User will not see any other users, and would have no way to detect presence of other users & their user names on the server
• User will not be able to see server configuration files, such as Apache config files.
• User's will have limited view of /proc file system, and will not be able to see other' users processes
At the same time, user's environment will be fully functional, and user should not feel in any way restricted. No adjustments to user's scripts are needed. CageFS will cage any scripts execution done via:
• Apache (suexec, suPHP, mod_fcgid, mod_fastcgi)
• LiteSpeed Web Server
• Cron Jobs
• SSH
• Any other PAM enabled service
CageFS is available with Cloudlinus OS. This is available as a plugin in WHM. You can initialize cloudlinux. Once installed from WHM, you can go to CAGEFS user manual and disable/enable it.
Cagefs Commands
cagefsctl --user-status=USERNAME returns true if cagefs is enabled for user
cagefsctl --cagefs-status returns true if cagefs is enabled
cagefsctl --update-list accepts list of files as input stream, one per line and updates those files in cagefs template
Cagefs create mysql.sock symlink in the location "/home/USERNAME/.cagefs/tmp/mysql.sock". Do not delete this symlink.
This symlink will be pointing to "/var/lib/mysql/mysql.sock"
=-=-=--=-==-
ls -la '/home/USERNAME/.cagefs/tmp/mysql.sock'
lrwxrwxrwx 1 root nobody 25 Mar 5 19:33 /home/USERNAME/.cagefs/tmp/mysql.sock -> /var/lib/mysql/mysql.sock
--=-=-==-=-=-
The benefits of CageFS are:
• Only safe binaries are available to user
• User will not see any other users, and would have no way to detect presence of other users & their user names on the server
• User will not be able to see server configuration files, such as Apache config files.
• User's will have limited view of /proc file system, and will not be able to see other' users processes
At the same time, user's environment will be fully functional, and user should not feel in any way restricted. No adjustments to user's scripts are needed. CageFS will cage any scripts execution done via:
• Apache (suexec, suPHP, mod_fcgid, mod_fastcgi)
• LiteSpeed Web Server
• Cron Jobs
• SSH
• Any other PAM enabled service
CageFS is available with Cloudlinus OS. This is available as a plugin in WHM. You can initialize cloudlinux. Once installed from WHM, you can go to CAGEFS user manual and disable/enable it.
Cagefs Commands
cagefsctl --user-status=USERNAME returns true if cagefs is enabled for user
cagefsctl --cagefs-status returns true if cagefs is enabled
cagefsctl --update-list accepts list of files as input stream, one per line and updates those files in cagefs template
Cagefs create mysql.sock symlink in the location "/home/USERNAME/.cagefs/tmp/mysql.sock". Do not delete this symlink.
This symlink will be pointing to "/var/lib/mysql/mysql.sock"
=-=-=--=-==-
ls -la '/home/USERNAME/.cagefs/tmp/mysql.sock'
lrwxrwxrwx 1 root nobody 25 Mar 5 19:33 /home/USERNAME/.cagefs/tmp/mysql.sock -> /var/lib/mysql/mysql.sock
--=-=-==-=-=-