Introduction
CageFS is an important security feature included with CloudLinux. CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information.
Sometimes a user's application, such as EasyApache Containers, is not compatible with CageFS, and you must exclude that user from the CageFS system.
Procedure
Disable CageFS for a User
To temporarily disable CageFS for a user, use the "cagefsctl" utility:
cagefsctl --disable $USER
This setting is not permanent: running "cagefsctl" with the "--enable-all" flag overrides it and enables CageFS for the user again.
Exclude User from CageFS
To ensure CageFS cannot be enabled for a user at all, even when using the "--enable-all" flag, add the username to an exclude file:
echo "$USER" >> /etc/cagefs/exclude/disabled-by-cli
Then, run this command to update all CageFS users:
cagefsctl --force-update
Attempting to enable CageFS for this user will now result in the following error:
root@server ~# cagefsctl --enable cptest
Error: user cptest is excluded
Excluded users are not listed in the "--list-disabled" output of "cagefsctl."
Confirm CageFS Status
With either method, the user should be reported as Disabled when you run the following command:
cagefsctl --user-status $USER
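Because excluded users do not appear in the "--list-disabled" output, the exclude files themselves are the place to audit who has been removed from CageFS. The following shell functions are an added example, not part of the original article or of CloudLinux: the function names are hypothetical, and the code assumes each file under /etc/cagefs/exclude holds one username per line, as the "echo" command above implies.

```shell
#!/bin/sh
# Added example: audit and maintain the CageFS exclude list.
# Assumption: every file in the exclude directory lists one username per line.
EXCLUDE_DIR="${EXCLUDE_DIR:-/etc/cagefs/exclude}"

# Print "username<TAB>exclude-file" for every entry, skipping blank lines.
list_excluded() {
    dir="${1:-$EXCLUDE_DIR}"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # The "|| [ -n ... ]" also reads a last line that has no newline.
        while IFS= read -r name || [ -n "$name" ]; do
            if [ -n "$name" ]; then
                printf '%s\t%s\n' "$name" "${f##*/}"
            fi
        done < "$f"
    done
    return 0
}

# Succeed only if the exact username is listed in some exclude file.
is_excluded() {
    list_excluded "${2:-$EXCLUDE_DIR}" | cut -f1 | grep -qxF -- "$1"
}

# Idempotent version of the article's "echo ... >>" step: validates the
# name and never appends a duplicate or fuses it onto an unterminated line.
exclude_user() {
    user="$1"; dir="${2:-$EXCLUDE_DIR}"; file="$dir/disabled-by-cli"
    case "$user" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid username: $user" >&2; return 2 ;;
    esac
    if is_excluded "$user" "$dir"; then
        return 0
    fi
    # If the file lacks a trailing newline, add one before appending.
    if [ -s "$file" ] && [ -n "$(tail -c1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$user" >> "$file"
}
```

After "exclude_user" changes the file, run "cagefsctl --force-update" as described above so the exclusion takes effect.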