Introduction to CageFS and PHP Selector and installation – CloudLinux
In one of our topic “Introduction to CloudLinux and installation guide” I’ve described the basic installation steps of CloudLinux. CloudLinux installation or activating CloudLinux OS in your server is incomplete without the installation of CageFS and PHP selector in the server. Before going to the installation steps of CageFS and PHP Selector, let’s look what are these modules and its importance in CloudLinux environment.
What is CageFS?
The main advantage of CloudLinux is, each user have its own light weight environment (LVE). This feature is accomplished by installing CageFS in CloudLinux server. CageFS is a virtualized file system which enables each user to have its own cage.
Advantages of CageFS
1. User won’t be able to see other users’ files and won’t be able to detect the presence of other users and their usernames on the server.
2. Only safe binaries are available to users.
3. Server configuration files will be hidden from users.
4. Users will have limited view of /proc system and won’t be able to see other users’ processes
5. Will prevent from symlink attacks.
Eventhough all users are in cage, they won’t feel that they’re restricted. CageFS will cage any script execution done via Apache, LiteSpeed, Cronjobs, SSH etc.
Minimum requirements for CageFS installation.
1. For CloudLinux 5 version, lve0.8.54 or latest and for CloudLinux 6 version, lve188.8.131.52 or latest
2. 7GB free disk space
Depending on the setup and number of users, you may also need:
a. Upto 8MB per customer in /var directory to store custom /etc directory.
b. 5GB to 20GB in /usr/share directory to store safe skeleton of filesystem.
Installation of CageFS is very simple. Here are the installation steps:
# yum install cagefs
Next is to create skeleton directory which is about 7GB in size.
# /usr/sbin/cagefsctl --init
If your /usr/share not have enough disk space, then follow the steps below to place cagefs skeleton in different location.
Assuming /home have enough disk space
# mkdir /home/cagefs-skeleton # ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton
In cPanel servers, if you’ve followed the additional step to place skeleton in /home directory, then configure the following option in WHM.
If this procedure is not followed, cPanel accounts will be created in incorrect places.
1. Log into WHM
2. Navigate to Server configuration
3. Click on Basic cPanel/WHM setup
4. In Additional Home directories under Basic Config section, change the value to blank (not default “home”).
Once this setup is done, you can enable CageFS for users. By deafult, CageFS will be disabled for all users.
Another major feature of CloudLinux is that, each account can select the PHP version that they desired to have for their websites. This feature is accomplished by enabling the PHP selector module in CloudLinux server. CageFS must be installed for PHP selector to work in CloudLinux server. PHP selector is compatible with suPHP, mod_fcgid, CGI (suexec), LiteSpeed.
PHP Selector installation steps
Here are the installation steps for PHP Selector which is very easy to follow.
# yum groupinstall alt-php
Next step is to update CageFS and LVE Manager with support for all PHP alternatives
# yum update cagefs lvemanager
In cPanel/WHM server, make sure ‘Select PHP version is enabled‘ in Feature Manager.
Once this is enabled, default location for alt-php will be as follows:
The configuration file (php.ini) path for your PHP (for version 5.3) will be /opt/alt/php53/etc
Loaded configuration file – /opt/alt/php53/etc/php.ini
Once this is enabled, placing custom php.ini files to accounts’ in public_html folder will break your website. Custom PHP settings can be done in “Edit PHP settings” section from your cPanel.