Enable additional commands to CageFS users in CloudLinux

Cloudlinux

Introduction

In CloudLinux, CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information.

It prevents a large number of attacks, including most privilege escalation and information disclosure attacks.

It is completely transparent to your customers, without any need for them to change their scripts.

After enabling cageFS

  • Users only have access to safe files.
  • They cannot see other users and have no way to detect the presence of other users or user names on the server.
  • They cannot see server configuration files, like Apache config files.
  • And they have a limited view of their own processing file system, and cannot see other users’ processes.

To enable additional commands to cageFS users in CloudLinux

  • Login to server as root using SSH
  • Open the file /etc/cagefs/conf.d/binutils.cfg in vi editor
#vi /etc/cagefs/conf.d/binutils.cfg
  • Add the path of the commands in the line starts with “paths=”.

like this

paths=/bin/arch, /bin/awk, /bin/basename, /bin/cat

You can get the path of a command using the below command

Syntax: which {command-name}

Eg: #which ls

/bin/ls
  • Add the command paths in the file. We can add multiple file paths separated by commas.
  • Save the file and run cagefs update using the below command
#cagefsctl --force-update
Another advantage of CloudLinux is PHP Selector.

PHP Selector is a CloudLinux component that sits on top of cagefs. It allows each user to select PHP version and module based on their needs. PHP Selector requires account to have cageFS enabled to work.

 

To install PHP selector:

Here are the installation steps for PHP Selector which is very easy to follow.

# yum groupinstall alt-php

Next step is to update cagefs and LVE Manager with support for all PHP alternatives

# yum update cagefs lvemanager

In cPanel/WHM server, make sure ‘Select PHP version is enabled‘ in Feature Manager.

Once this is enabled, default location for alt-php will be as follows:

The configuration file (php.ini) path for your PHP (for version 5.3) will be /opt/alt/php53/etc
Loaded configuration file – /opt/alt/php53/etc/php.ini

Once this is enabled, placing custom php.ini files to accounts’ in public_html folder will break your website. To customize  PHP settings go to  “Edit PHP settings” section in your cPanel.

 

Facebook Comments