How To Enter Into User's CageFS As Root?
This capability is built into the main executable program for the CageFS package (cagefsctl) and as a result, should be always available as long as you have the main CageFS package (cagefs-7.1.8-1.el7.cloudlinux.x86_64) installed. Here is how you are able to enter a user's cagefs as root:
cagefsctl --enter $username
OR
cagefsctl --e $username
Note: You need to first make sure that the user has cagefs enabled via this command:
cagefsctl --user-status $username
How To Run A Command Inside CageFS?
Note: For this feature to work you will need the lve-wrappers package on your server. And this feature is only available on version lve-wrappers 0.6-1 and above.
Sometimes you will need to execute a command as user inside CageFS. If a user has shell enabled - you can simply use:
/bin/su - $USERNAME -c “_command_”
However, if a user has their shell disabled, it wouldn't work. To solve this issue, Cloudlinux has added the following command:
/sbin/cagefs_enter_user $USERNAME “_command_”
If you disable CageFS for a user, then cagefs_enter will be executed without proxyexec .
You can forcibly disable cagefs_enter start via proxyexec for all users (regardless if CageFS is enabled or disabled) by specifying the parameter cagefs_enter_proxied=0
in /etc/sysconfig/cloudlinux.
/bin/cagefs_enter.proxied can be executed instead of /bin/cagefs_enter to enter CageFS without proxyexec . Note that starting cagefs_enter via proxyexec is necessary to enable sending local notification messages to users with enabled CageFS. cagefs_enter is executed via proxyexec by default.