Question

CloudLinux / CageFS - Account Level Security - Does DO provide anything similar?

I am looking to make the transition from cPanel hosting to DO, I have several client websites that are all placed in ‘cages’. I have a few questions, I understand CloudLinux is not supported here on DO however I was wondering if there anything similar I could use?

If not - does it mean users or hackers are able to upload malicious scripts on an account and spy on other user accounts?

For those who don’t know what CageFS is:

CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. CageFS prevents a large number of attacks, including most privilege escalation and information disclosure attacks.

With CageFS:

  • Users only have access to safe files.
  • Users cannot see other users and have no way to detect the presence of other users or user names on the server.
  • Users cannot see server configuration files, like Apache config files.
  • Users have a limited view of their own processing file system, and cannot see other users’ processes.
  • Remove each user’s access to ALL SUID scripts.
  • Limit each customer’s access to the /proc filesystem.
  • Prevent symbolic link attacks.

Even with this extensive security, a user’s environment is fully functional, and users do not feel restricted in any way. CageFS is completely transparent to the end-user, yet impregnable to a hacker.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

If it’s any use there do seem to be some instructions for running CloudLinux on DO and their workaround using kexec to switch to the CloudLinux kernel.

https://docs.cloudlinux.com/cloudlinux_installation/#digitalocean