CageFS is a virtualized file system and a set of tools to lock each system user in its own ‘cage’. Each customer will have its own fully functional CageFS, with all the system files, tools, etc. For a cageFS enabled user only safe binaries are available, user will not see any other users etc are the main benefits of CageFS.
CageFS creates individual namespace for each user, making it impossible for users to see each other’s files and creating high level of isolation. These safe files for each users are created by default on a folder location /usr/share/cagefs-skeleton.
Sometimes you need to move this cagefs-skeleton directory from /usr/share to another partition like /home due to low free disk space available in the /usr partition. Below are the steps we used to achieve the same.
# cagefsctl --disable-cagefs
This command will disable cagefs in the server.
# cagefsctl --unmount-all
This command will unmount all mount points created by cagefs.
To ensure all mount points created by cagefs are unmounted successfully please issue below command.
# cat /proc/mounts | grep cagefs
if you see any cagefs entries, execute “cagefsctl –unmount-all” again and cagefs still exists please issue below command.
# /usr/share/cagefs-plugins/hooks/jail_shell_disable.sh # mv /usr/share/cagefs-skeleton /home/cagefs-skeleton
This command will move the folder from /usr to /home (which is having more free disk space).
# ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton
This commnad will create a softlink from /usr/share/cagefs-skeleton to /home/cagefs-skeleton where the actual files exits.
# cagefsctl --enable-cagefs
This command will enable cagefs in the server.
If we doing this in cPanel servers, then in cPanel WHM choose “Server Configuration” and go to “Basic cPanel/WHM Setup”, then change Additional home directories default value to blank not “home”. If we haven’t set this option, then cPanel will create new accounts in incorrect places.
We encourage your valuable comments below if you encounter any issues while following this article.