So i had made an earlier post about installing CloudLinux and CageFS onto DO. Having just discovered DO’s VPC (Virtual Private Cloud) aren’t the two offering the same? Essentially VPC is what CageFS is?
CageFS:
https://docs.cloudlinux.com/cloudlinux_os_components/#cagefs
*"CageFS is a virtualized file system and a set of tools to contain each user in its own ‘cage’. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.
The benefits of CageFS are:
- Only safe binaries are available to user
- User will not see any other users, and would have no way to detect presence of other users & their user names on the server
- User will not be able to see server configuration files, such as Apache config files.
- User’s will have limited view of /proc file system, and will not be able to see other users’ processes
At the same time, user’s environment will be fully functional, and user should not feel in any way restricted. No adjustments to user’s scripts are needed. CageFS will cage any scripts execution done via:
- Apache (suexec, suPHP, mod_fcgid, mod_fastcgi)
- LiteSpeed Web Server
- Cron Jobs
- SSH
- Any other PAM enabled service "*
VS
DO’s VPC:
https://www.digitalocean.com/docs/networking/vpc/
“A Virtual Private Cloud (VPC) is a private network interface for collections of DigitalOcean resources. VPC networks are private networks that contain collections of resources that are isolated from the public internet and other VPC networks within your account, project or between teams in the same datacenter region. This means your resources, such as Droplets and databases, can reside in a network that is only accessible to other resources in the same network.”
Am I right?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Heya,
Just came across this answer and decided to write some general guidelines for anyone who comes across this in the future despite the old question.
Great question! I see you’re thinking about using CageFS from CloudLinux and comparing it to our VPC (Virtual Private Cloud) offering. While they both offer isolation, the ways they do this and what they are designed for are quite different.
CageFS, as per the link you provided, is a virtualized file system that helps to isolate each user in its own ‘cage’. It’s designed to contain a user within their self-contained environment, preventing them from seeing or interfering with other users. It’s generally used at the server operating system level and mainly used in shared hosting environments.
On the other hand, DigitalOcean’s VPC is a network level isolation tool that allows you to create private network interfaces for collections of DigitalOcean resources. It allows you to isolate resources from the public internet and other VPC networks within your account, project or between teams in the same datacenter region.
So, in essence, while both provide a form of isolation, CageFS is focused on isolating users at the system level inside a server. DigitalOcean’s VPC isolates resources at the network level, providing a measure of privacy and security for your resources.
For a more in-depth understanding of VPC, I would recommend visiting this link: https://www.digitalocean.com/docs/networking/vpc/
Hope that this helps!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.