Within a shared or multi-tenant hosting environment there important items to keep in mind such as server stability, resource allocation for clients, software version requirements and maintaining security.
In this article, we’ll be going over the benefits of CloudLinux and utilizing Cagefs in those environments.
What is Cloudlinux?
Cloudlinux (CL) is an operating system available to cPanel servers running Alma, Rocky and CentOS Linux distributions and offers great advantages in shared hosting (multi-tenant) environments.
What are some advantages of using Cloudlinux?
One feature and advantage of Cloudlinux is that you’re able to set up packages for users that limits the amount of resources their accounts can consume
These limits are all configured by the administrator of the server in WHM and helps maintain server stability when it comes to processes running under the user and memory consumption.
This also allows for the hosting provider to create certain package tiers to clients while making sure server resources are not over allocated.
You’re also able to individually select which PHP version is used on each site using CL Manager in WHM or PHP Selector in cPanel. This feature is very handy for supporting clients who have multiple sites with all different PHP requirements.
Some clients may have older site software/applications powering a website and require older PHP versions such as PHP 5.5. With PHP Selector in Cloudlinux you’re able to provide clients with the ability to use older PHP versions if necessary.
Much like being able to select PHP versions for individual sites, you’re also able to enable specific PHP extensions for each version of PHP using the “Selector” tab within the CL Manager menu through WHM.
As an added feature (if enabled for the user) a client user can also toggle on needed PHP extensions within their cPanel account using PHP Selector.
Cloudlinux also offers added security with the use of Cagefs which restricts each user into a container type environment called the Cagefs skeleton.
What is Cagefs?
Once Cagefs is enabled for a user account their access within the file system is restricted. The account is placed within the Cagefs skeleton and prevents them from venturing outside of their home directories.
Overall the Cagefs skeleton acts as a protective barrier between each account and security wise is very useful since it acts much like a jailed shell with how access is restricted.
This provides great benefits for the host and other clients as in the event of an account becoming compromised due to some website vulnerability, this feature would shield all other users within the server from the risk of that compromise branching out to their accounts.
How to install and enable Cagefs on the command line interface
The installation of Cagefs is pretty straight forward and is done by a yum install for CL7 or dnf install on CL8 versions.
1. Using yum or dnf to install Cagefs
The following command shows how to install Cagefs on CL7 systems:
As for installing Cagefs on CL8 systems, you would use the following:
2. Initialize Cagefs before enabling for users
Once Cagefs is installed you can then enable it. To do so you would run the following command which initializes Cagefs:
3. Enable Cagefs for users
Now that Cagefs has been initialized you’re able to enable it for your users. To individually enable it for a specific user you can use the following command:
Alternatively the following can be used to enable the Cagefs environment for all users on the server:
How to enable Cagefs in WHM
Cagefs does need to be installed via command line but when it comes to enabling the feature for users you’re able to complete this within a few seconds using the WHM (Webhost Manager) interface.
1. Open your browser and log into WHM for your server
After you’ve installed Cagefs on your server using the command line interface you can open up your preferred web browser and log into WHM for the server.
2. Access the CL manager menu
Once logged into WHM you can use the search bar in the upper right section of the WHM interface and type in “Manager” or “Cloud” to populate and reach the CL Manager menu as shown below:
Or you can also find it on the left sidebar using search. Either method will work just fine to reach the menu.
3. Display the user list
Within the CL Manager menu select the Users tab to display the users list as shown below:
4. Select the users you want to add into Cagefs
Once within menu, you’ll see next to each user (on the left) is a box which you can click to select to that user.
Once the users box is checked/selected go to the Cagefs option on the upper right to enable:
Note: It should show as “enable” if the Cagefs feature is currently disabled for the user. Once it shows “disable” within that section, this means Cagefs is active for the users.
5. Confirm changes to enable Cagefs for a user
After making this selection select the “confirm” button to save all changes and you’re done!
Leave a Reply