What is CageFS and what does it do?
CageFS is a virtualized file system and a set of tools to contain each user in its own 'cage'. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.
The benefits of CageFS are:
- Only safe binaries are available to users
- Users will not see any other users and would have no way to detect the presence of other users & their user names on the server
- Users will not be able to see server configuration files, such as Apache config files.
- Users will have a limited view of /proc file system, and will not be able to see other users' processes
At the same time, the user's environment will be fully functional, and the user should not feel in any way restricted. No adjustments to the user's scripts are needed. CageFS will cage any scripts execution done via:
- Apache (suexec, suPHP, mod_fcgid, mod_fastcgi)
- LiteSpeed Web Server
- Cron Jobs
- Any other PAM-enabled service