How To Enter Into User's CageFS As Root Or Run A Command Inside CageFS?

How To Enter Into User's CageFS As Root? 

This capability is built into the main executable program for the CageFS package (cagefsctl) and as a result, should be always available as long as you have the main CageFS package (cagefs-7.1.8-1.el7.cloudlinux.x86_64) installed. Here is how you are able to enter a user's cagefs as root: 

cagefsctl --enter $username

OR

cagefsctl --e $username

Note: You need to first make sure that the user has cagefs enabled via this command: 

cagefsctl --user-status $username

How To Run A Command Inside CageFS?

Note: For this feature to work you will need the lve-wrappers package on your server. And this feature is only available on version lve-wrappers 0.6-1 and above. 

Sometimes you will need to execute a command as user inside CageFS. If a user has shell enabled - you can simply use:

/bin/su - $USERNAME -c “_command_”

However, if a user has their shell disabled, it wouldn't work. To solve this issue, Cloudlinux has added the following command:

/sbin/cagefs_enter_user $USERNAME “_command_”

If you disable CageFS for a user, then cagefs_enter will be executed without proxyexec .

You can forcibly disable cagefs_enter start via proxyexec for all users (regardless if CageFS is enabled or disabled) by specifying the parameter  cagefs_enter_proxied=0

 in /etc/sysconfig/cloudlinux.

/bin/cagefs_enter.proxied can be executed instead of /bin/cagefs_enter to enter CageFS without proxyexec . Note that starting cagefs_enter via proxyexec is necessary to enable sending local notification messages to users with enabled CageFS. cagefs_enter is executed via proxyexec by default.