What is CageFS and its benefits

CageFS is a virtualized file system which enables each user to have its own cage. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.

The benefits of CageFS are:

User will not be able to see server configuration files, such as Apache config files.
User won’t be able to see other users’ files and won’t be able to detect the presence of other users and their usernames on the server.
Users will have limited view of /proc system and won’t be able to see other users’ processes
Will prevent from symlink attacks.
Only safe binaries are available to users

Even though all users are in cage, they won’t feel that they’re restricted. CageFS will cage any script execution done via Apache, LiteSpeed, Cronjobs, SSH etc.

Installation:

$ yum install cagefs
$ /usr/sbin/cagefsctl –init

That last command will create skeleton directory that might be around 7GB in size. If you don’t have enough disk space in /usr/share, use following commands to have cagefs-skeleton being placed in a different location:

$ mkdir /home/cagefs-skeleton
$ ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton

On cPanel servers, if you will be placing skeleton into /home directory, you must configure the following option in:

cPanel WHM -> Server Configuration -> Basic cPanel/WHM Setup -> Basic Config -> Additional home directories

Change the value to blank  (not default “home”)

Without changing this option, cPanel will create new accounts in incorrect places.

Revisions

There are no revisions for this post.

Tags: , , , , ,

No comments yet.

Leave a Reply