CloudLinux / CageFS - Account Level Security - Does DO provide anything similar?
I am looking to make the transition from cPanel hosting to DO, I have several client websites that are all placed in ‘cages’. I have a few questions, I understand CloudLinux is not supported here on DO however I was wondering if there anything similar I could use?
If not - does it mean users or hackers are able to upload malicious scripts on an account and spy on other user accounts?
For those who don’t know what CageFS is:
CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. CageFS prevents a large number of attacks, including most privilege escalation and information disclosure attacks.
- Users only have access to safe files.
- Users cannot see other users and have no way to detect the presence of other users or user names on the server.
- Users cannot see server configuration files, like Apache config files.
- Users have a limited view of their own processing file system, and cannot see other users’ processes.
- Remove each user’s access to ALL SUID scripts.
- Limit each customer’s access to the /proc filesystem.
- Prevent symbolic link attacks.
Even with this extensive security, a user’s environment is fully functional, and users do not feel restricted in any way. CageFS is completely transparent to the end-user, yet impregnable to a hacker.
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.×