What is CageFS?
CageFS is a virtualized file system and a set of tools to contain each user in its own ‘cage’. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.CageFS is an addition to the OS CloudLinux develops, which we use exclusively across all of our shared, reseller and semi-dedicated servers. The goal of installing CageFS is both your account and our servers will be more secure, but that is an oversimplification of what is really an important upgrade for everyone involved.
The CageFS benefits are:
- Only safe binaries are available to user
- User will not see any other users and would have no way to detect presence of other users & their user names on the server
- The user will not be able to see server configuration files, such as Apache config files.
- Users will have limited view of /proc file system, and will not be able to see other users processes
To install CageFS:
$ yum install cagefs $ /usr/sbin/cagefsctl --init
That last command will create skeleton directory that might be around 7GB in size. If you don’t have enough disk space in /usr/share, use following commands to have cagefs-skeleton being placed in a different location.