
Cage File System : Secure Virtualized File System

by Bella

CageFS is a virtualized file system designed to improve server security by isolating each user in a separate environment called a “cage.” Every user gets a fully functional virtual file system that includes system files, tools, and configurations, but this environment is completely isolated from all other users on the server.

This structure prevents unauthorized access and gives higher security, better stability, and protection against malicious activity in shared hosting environments.

What is CageFS?

CageFS creates a virtual environment for each user on a server. Inside this environment, users can only access their own files and system resources. They cannot see or interact with other users or sensitive server configuration files.

The cagefsctl command provides full control over CageFS, including:

  • Initialization
  • Enabling/disabling CageFS
  • Mounting and unmounting file systems
  • Managing users inside CageFS

More advanced command options are described in the cagefsctl documentation.

Installation of CageFS

Requirements

CageFS can only be installed on a CloudLinux server. It requires:

  • ~8 MB per user in the /var directory (for custom /etc)
  • 5 GB to 20 GB in /usr/share (for filesystem skeleton)

Installation Steps

Install CageFS using YUM:

yum install cagefs

Initialize CageFS:

cagefsctl --init

Optional: Change Skeleton Location

You can move the CageFS skeleton away from its default directory, for instance by creating a symbolic link to another location. CageFS will then use the new path instead of the default directory.

Automatic Configuration

During installation, CageFS automatically detects and configures:

  • Web servers (e.g., LiteSpeed, Apache)
  • Databases (MySQL, PostgreSQL)
  • Popular control panels

By default, CageFS is disabled for all users after installation.

Uninstall CageFS

To remove CageFS completely:

cagefsctl --remove-all

Or uninstall via YUM:

yum remove cagefs

This will:

  • Disable CageFS for all users
  • Unmount all cages
  • Remove CageFS directories and skeleton files

User Management in CageFS

CageFS operates in two modes:

  • Enabled Mode (Production)
  • Disabled Mode (Testing)

Enable/Disable Modes

cagefsctl --enable-all
cagefsctl --disable-all
cagefsctl --toggle-mode

Manage Individual Users

cagefsctl --enable username
cagefsctl --disable username

View Users

cagefsctl --list-enabled
cagefsctl --list-disabled
cagefsctl --display-user-mode

Running Commands Inside CageFS

You can execute commands inside a user’s cage using:

su - username -c "command"

Or:

cagefs_enter_user username "command"

Excluding Users from CageFS

To exclude a user, add their name inside:

/etc/cagefs/exclude

File Management in CageFS

When initialized, CageFS creates a filesystem template in:

/usr/share/cagefs-skeleton

Behavior and file inclusion rules are controlled via:

/etc/cagefs/conf.d

Updating CageFS

After making configuration changes:

cagefsctl --update

Managing RPM Files

cagefsctl --addrpm
cagefsctl --delrpm

Blacklisting Files or Directories

To exclude files or directories from CageFS:

/etc/cagefs/black.list

(Add one entry per line)

Space Management in CageFS

CageFS creates a separate namespace for each user. This ensures users cannot access each other’s data.

Shared system directories are mounted from:

/etc/cagefs/cagefs.mp

User-specific directories are mapped under:

  • /var/cagefs/[prefix]/username

Where the prefix is derived from the last two digits of the user ID.
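
An added example (not CageFS code and not from the original article) that audits the two points described above: which accounts are listed under /etc/cagefs/exclude and so run without a cage, and where each remaining user's directory should sit under /var/cagefs/[prefix]/username. It assumes the exclude path is a directory of files with one username per line, that UIDs of 1000 and above are hosting accounts, and that the prefix is zero-padded to two digits; the passwd lines and the users alice and bob are constructed sample data.

```shell
#!/bin/sh
# Added example, not CageFS code. Assumptions: /etc/cagefs/exclude is a
# directory of files with one username per line; UIDs >= 1000 are hosting
# accounts; the two-digit prefix is zero-padded.

# cage_dir UID USER -> /var/cagefs/<last two digits of UID>/<user>
cage_dir() {
    printf '/var/cagefs/%02d/%s\n' "$(( $1 % 100 ))" "$2"
}

# is_excluded USER EXCLUDE_DIR -> exit 0 if USER is a whole line in any file
is_excluded() {
    [ -d "$2" ] && grep -rqxF -- "$1" "$2"
}

# audit PASSWD_FILE EXCLUDE_DIR -> one status line per hosting account
audit() {
    while IFS=: read -r a_user a_pw a_uid a_rest; do
        [ "$a_uid" -ge 1000 ] 2>/dev/null || continue  # skip system accounts
        if is_excluded "$a_user" "$2"; then
            echo "UNCAGED $a_user (listed in exclude)"
        else
            echo "CAGED   $a_user $(cage_dir "$a_uid" "$a_user")"
        fi
    done < "$1"
}

# demo: run the audit over constructed sample data so it works offline.
demo() {
    d_tmp=$(mktemp -d)
    mkdir "$d_tmp/exclude"
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'alice:x:1007:1007::/home/alice:/bin/bash' \
        'bob:x:1142:1142::/home/bob:/bin/bash' > "$d_tmp/passwd"
    echo 'bob' > "$d_tmp/exclude/support"
    audit "$d_tmp/passwd" "$d_tmp/exclude"
    rm -rf "$d_tmp"
}
demo
```

On a real server, pass /etc/passwd and /etc/cagefs/exclude to audit and compare the result with the output of cagefsctl --list-enabled.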

Advantages of CageFS

1. Protection Against Hackers

CageFS prevents attackers from scanning system files or escalating privileges.

2. Strong User Isolation

Each user operates in a private environment with no visibility into other users.

3. Secure Configuration Isolation

Users cannot access sensitive files such as Apache or system configuration files.

4. Control Panel Compatibility

Fully supported with:

  • cPanel
  • Plesk
  • DirectAdmin
  • InterWorx
  • ISP Manager

5. Easy Setup

CageFS automatically detects and configures server environments, reducing setup time.

Limitations of CageFS

Although CageFS improves security, it has some limitations:

  • /var/log/lastlog does not function normally
  • PHP uses /usr/selector/php.ini
  • You must run cagefsctl --update after configuration changes

Conclusion

CageFS is a powerful security solution for shared hosting environments. It isolates users, prevents unauthorized access, and strengthens server protection without affecting usability.

It is an essential tool for hosting providers looking to secure multi-user Linux environments efficiently.

If you require help, contact SupportPRO Server Admin.
