CageFS is a virtualized file system and a set of tools to contain each user in its own ‘cage’. Each customer will have its own fully functional CageFS, with all the system files, tools, etc. Here you will see, how to install CageFS.
CageFS is an addition to the OS CloudLinux develops, which we use exclusively across all of our shared, reseller and semi-dedicated servers. The goal of installing CageFS is both your account and our servers will be more secure, but that is an oversimplification of what is really an important upgrade for everyone involved. Here you will see, how to install CageFS
The benefits of CageFS:
- Only safe binaries are available to the user.
- The user will not see any other users and would have no way to detect the presence of other users & their usernames on the server
- The user will not be able to see server configuration files, such as Apache config files.
- Users will have a limited view of /proc file system, and will not be able to see other users processes
To install CageFS:
$ yum install cagefs $ /usr/sbin/cagefsctl --init
That last command will create skeleton directory that might be around 7GB in size. If you don’t have enough disk space in /usr/share, use following commands to have cagefs-skeleton being placed in a different location.