{"id":1444,"date":"2015-02-02T22:24:20","date_gmt":"2015-02-03T04:24:20","guid":{"rendered":"http:\/\/blog.supportpro.com\/?p=1444"},"modified":"2026-04-20T00:37:10","modified_gmt":"2026-04-20T06:37:10","slug":"cage-file-system-an-overview","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/cage-file-system-an-overview\/","title":{"rendered":"Cage File System : Secure Virtualized File System"},"content":{"rendered":"\n<p>CageFS is a virtualized file system designed to improve server security by isolating each user into a separate environment called a \u201ccage.\u201d <strong>As a result<\/strong>, every user gets a fully functional virtual file system that includes system files, tools, and configurations. <strong>However<\/strong>, this environment remains completely isolated from all other users on the server. <strong>In addition<\/strong>, this structure enhances security, prevents unauthorized access, and ensures a stable multi-user hosting environment.<\/p>\n\n\n\n<p>This ensures higher security, better stability, and protection against malicious activities in shared hosting environments.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What is CageFS?<\/h3>\n\n\n\n<p>CageFS creates a virtual environment for each user on a server. Inside this environment, users can only access their own files and system resources. They cannot see or interact with other users or sensitive server configuration files.<\/p>\n\n\n\n<p>The <code>cagefsctl<\/code> command provides full control over CageFS, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Initialization<\/li>\n\n\n\n<li>Enabling\/disabling CageFS<\/li>\n\n\n\n<li>Mounting and unmounting file systems<\/li>\n\n\n\n<li>Managing users inside CageFS<\/li>\n<\/ul>\n\n\n\n<p>More advanced command options are available through <code>cagefsctl<\/code> documentation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Installation of CageFS<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">Requirements<\/h4>\n\n\n\n<p>CageFS can only be installed on a <strong>CloudLinux server<\/strong>. It requires:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>~8 MB per user in the <code>\/var<\/code> directory (for custom <code>\/etc<\/code>)<\/li>\n\n\n\n<li>5 GB to 20 GB in <code>\/usr\/share<\/code> (for filesystem skeleton)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Installation Steps<\/h3>\n\n\n\n<p>Install CageFS using YUM:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>yum install cagefs<\/code><\/pre>\n\n\n\n<p>Initialize CageFS:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cagefsctl --init<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Optional: Change Skeleton Location<\/h3>\n\n\n\n<p>You can change the default CageFS skeleton directory. <strong>For instance<\/strong>, you can create a symbolic link to another location. <strong>As a result<\/strong>, the system will use the new path instead of the default directory.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Automatic Configuration<\/h3>\n\n\n\n<p>During installation, CageFS automatically detects and configures:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Web servers (e.g., LiteSpeed, Apache)<\/li>\n\n\n\n<li>Databases (MySQL, PostgreSQL)<\/li>\n\n\n\n<li>Popular control panels<\/li>\n<\/ul>\n\n\n\n<p>By default, CageFS is disabled for all users after installation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Uninstall CageFS<\/h3>\n\n\n\n<p>To remove CageFS completely:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cagefsctl --remove-all<\/code><\/pre>\n\n\n\n<p>Or uninstall via YUM:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>yum remove cagefs<\/code><\/pre>\n\n\n\n<p>This will:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Disable CageFS for all users<\/li>\n\n\n\n<li>Unmount all cages<\/li>\n\n\n\n<li>Remove CageFS directories and skeleton files<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">User Management in CageFS<\/h3>\n\n\n\n<p>CageFS operates in two modes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enabled Mode (Production)<\/strong><\/li>\n\n\n\n<li><strong>Disabled Mode (Testing)<\/strong><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Enable\/Disable Modes<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>cagefsctl --enable-all<br>cagefsctl --disable-all<br>cagefsctl --toggle-mode<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Manage Individual Users<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>cagefsctl --enable username<br>cagefsctl --disable username<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">View Users<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>cagefsctl --list-enabled<br>cagefsctl --list-disabled<br>cagefsctl --display-user-mode<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Running Commands Inside CageFS<\/h4>\n\n\n\n<p>You can execute commands inside a user\u2019s cage using:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>su - username -c \"command\"<\/code><\/pre>\n\n\n\n<p>Or:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cagefs_enter_user username \"command\"<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Excluding Users from CageFS<\/h4>\n\n\n\n<p>To exclude a user, add their name inside:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/etc\/cagefs\/exclude<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">File Management in CageFS<\/h4>\n\n\n\n<p>When initialized, CageFS creates a filesystem template in:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/share\/cagefs-skeleton<\/code><\/pre>\n\n\n\n<p>Behavior and file inclusion rules are controlled via:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/etc\/cagefs\/conf.d<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Updating CageFS<\/h4>\n\n\n\n<p>After making configuration changes:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cagefsctl --update<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Managing RPM Files<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>cagefsctl --addrpm<br>cagefsctl --delrpm<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Blacklisting Files or Directories<\/h4>\n\n\n\n<p>To exclude files or directories from CageFS:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/etc\/cagefs\/black.list<\/code><\/pre>\n\n\n\n<p>(Add one entry per line)<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Space Management in CageFS<\/h4>\n\n\n\n<p>CageFS creates a separate namespace for each user. This ensures users cannot access each other\u2019s data.<\/p>\n\n\n\n<p>Shared system directories are mounted from:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/etc\/cagefs\/cagefs.mp<\/code><\/pre>\n\n\n\n<p>User-specific directories are mapped under:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>\/var\/cagefs\/[prefix]\/username<\/code><\/li>\n<\/ul>\n\n\n\n<p>Where the prefix is derived from the last two digits of the user ID.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Advantages of CageFS<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">1. Protection Against Hackers<\/h4>\n\n\n\n<p>CageFS prevents attackers from scanning system files or escalating privileges.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">2. Strong User Isolation<\/h4>\n\n\n\n<p>Each user operates in a private environment with no visibility into other users.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">3. Secure Configuration Isolation<\/h4>\n\n\n\n<p>Users cannot access sensitive files like Apache or system configs.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">4. Control Panel Compatibility<\/h4>\n\n\n\n<p>Fully supported with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>cPanel<\/li>\n\n\n\n<li>Plesk<\/li>\n\n\n\n<li>DirectAdmin<\/li>\n\n\n\n<li>InterWorx<\/li>\n\n\n\n<li>ISP Manager<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">5. Easy Setup<\/h4>\n\n\n\n<p>CageFS automatically detects and configures server environments, reducing setup time.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Limitations of CageFS<\/h3>\n\n\n\n<p>Although CageFS improves security, it has some limitations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>\/var\/log\/lastlog<\/code> does not function normally<\/li>\n\n\n\n<li>PHP uses <code>\/usr\/selector\/php.ini<\/code><\/li>\n\n\n\n<li>You must run <code>cagefsctl --update<\/code> after configuration changes<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Conclusion<\/h3>\n\n\n\n<p>CageFS is a powerful security solution for shared hosting environments. It isolates users, prevents unauthorized access, and strengthens server protection without affecting usability.<\/p>\n\n\n\n<p>It is an essential tool for hosting providers looking to secure multi-user Linux environments efficiently.<\/p>\n\n\n\n<p>If you require help, <a href=\"https:\/\/www.supportpro.com\/requestquote.php\">contact SupportPRO Server Admin<\/a><\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide has-media-on-the-right is-stacked-on-mobile is-vertically-aligned-center has-white-background-color has-background\"><div class=\"wp-block-media-text__content\">\n<p class=\"has-large-font-size\">Facing issues? <\/p>\n\n\n\n<p class=\"has-large-font-size\">Our technical support<br>engineers can solve it. <\/p>\n\n\n\n<!--HubSpot Call-to-Action Code --><span class=\"hs-cta-wrapper\" id=\"hs-cta-wrapper-3350a795-db50-482f-9911-301930d1b1be\"><span class=\"hs-cta-node hs-cta-3350a795-db50-482f-9911-301930d1b1be\" id=\"hs-cta-3350a795-db50-482f-9911-301930d1b1be\"><!--[if lte IE 8]><div id=\"hs-cta-ie-element\"><\/div><![endif]--><a href=\"https:\/\/cta-redirect.hubspot.com\/cta\/redirect\/2725694\/3350a795-db50-482f-9911-301930d1b1be\" ><img decoding=\"async\" class=\"hs-cta-img\" id=\"hs-cta-img-3350a795-db50-482f-9911-301930d1b1be\" style=\"border-width:0px;\" src=\"https:\/\/no-cache.hubspot.com\/cta\/default\/2725694\/3350a795-db50-482f-9911-301930d1b1be.png\"  alt=\"Contact Us today!\"\/><\/a><\/span><script charset=\"utf-8\" src=\"https:\/\/js.hscta.net\/cta\/current.js\"><\/script><script type=\"text\/javascript\"> hbspt.cta.load(2725694, '3350a795-db50-482f-9911-301930d1b1be', {\"useNewLoader\":\"true\",\"region\":\"na1\"}); <\/script><\/span><!-- end HubSpot Call-to-Action Code -->\n<\/div><figure class=\"wp-block-media-text__media\"><img fetchpriority=\"high\" decoding=\"async\" width=\"904\" height=\"931\" src=\"https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup.png\" alt=\"guy server checkup\" class=\"wp-image-12943 size-full\" srcset=\"https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup.png 904w, https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup-291x300.png 291w, https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup-768x791.png 768w, https:\/\/www.supportpro.com\/blog\/wp-content\/uploads\/2022\/09\/Free-server-checkup-585x602.png 585w\" sizes=\"(max-width: 904px) 100vw, 904px\" \/><\/figure><\/div>\n","protected":false},"excerpt":{"rendered":"<p>CageFS is a virtualized file system designed to improve server security by isolating each user into a separate environment called a \u201ccage.\u201d As a result, every user gets a fully&hellip;<\/p>\n","protected":false},"author":5,"featured_media":16936,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[5,6],"tags":[],"class_list":["post-1444","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-topics","category-linux-basics"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/1444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/comments?post=1444"}],"version-history":[{"count":10,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/1444\/revisions"}],"predecessor-version":[{"id":16939,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/1444\/revisions\/16939"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media\/16936"}],"wp:attachment":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media?parent=1444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/categories?post=1444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/tags?post=1444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}