CageFS is a virtualized file system which enables each user to have its own cage. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.
The benefits of CageFS are:
User will not be able to see server configuration files, such as Apache config files.
User won’t be able to see other users’ files and won’t be able to detect the presence of other users and their usernames on the server.
Users will have limited view of /proc system and won’t be able to see other users’ processes
Will prevent from symlink attacks.
Only safe binaries are available to users
Even though all users are in cage, they won’t feel that they’re restricted. CageFS will cage any script execution done via Apache, LiteSpeed, Cronjobs, SSH etc.
$ yum install cagefs
$ /usr/sbin/cagefsctl –init
That last command will create skeleton directory that might be around 7GB in size. If you don’t have enough disk space in /usr/share, use following commands to have cagefs-skeleton being placed in a different location:
$ mkdir /home/cagefs-skeleton
$ ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton
On cPanel servers, if you will be placing skeleton into /home directory, you must configure the following option in:
cPanel WHM -> Server Configuration -> Basic cPanel/WHM Setup -> Basic Config -> Additional home directories
Change the value to blank (not default “home”)
Without changing this option, cPanel will create new accounts in incorrect places.
There are no revisions for this post.