Question

CloudLinux / CageFS - Account Level Security - Does DO provide anything similar?

I am looking to make the transition from cPanel hosting to DO, I have several client websites that are all placed in ‘cages’. I have a few questions, I understand CloudLinux is not supported here on DO however I was wondering if there anything similar I could use?

If not - does it mean users or hackers are able to upload malicious scripts on an account and spy on other user accounts?

For those who don’t know what CageFS is:

CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. CageFS prevents a large number of attacks, including most privilege escalation and information disclosure attacks.

With CageFS:

  • Users only have access to safe files.
  • Users cannot see other users and have no way to detect the presence of other users or user names on the server.
  • Users cannot see server configuration files, like Apache config files.
  • Users have a limited view of their own processing file system, and cannot see other users’ processes.
  • Remove each user’s access to ALL SUID scripts.
  • Limit each customer’s access to the /proc filesystem.
  • Prevent symbolic link attacks.

Even with this extensive security, a user’s environment is fully functional, and users do not feel restricted in any way. CageFS is completely transparent to the end-user, yet impregnable to a hacker.

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

If it’s any use there do seem to be some instructions for running CloudLinux on DO and their workaround using kexec to switch to the CloudLinux kernel.

https://docs.cloudlinux.com/cloudlinux_installation/#digitalocean