Bobcares

CageFS in cPanel – How to make it work for your servers!

by | Dec 4, 2018

Users in our server are getting the following error when executing an operating system command through PHP.

*sh: jpegoptim: command not found*

 

Recently we were contacted by a server owner whose customer was having issues running a PHP script that executes this command.

In our role as Technical Support Services for web hosting companies, installing, configuring and managing cPanel servers is a major task we perform.

From our detailed investigation, we could see that the error is due to CageFS in cPanel server. Let’s see how it caused ‘command not found’ error and how we fixed it.

 

What is CageFS? How it benefits your cPanel server?

In CloudLinux servers, each user has their own LVE (Light weight environment). This LVE helps to limit resources per account, and prevent a single user from crashing the server.

LVE feature is based on CageFS, which is a virtualized file system that limits each user within his own cage. Each cage will be fully functional, with its share of system files and tools.

When CageFS is enabled, the following services will be available to each user in an isolated environment, depending on the CageFS configuration.

  • Web server such as Apache (suexec, suPHP, mod_fcgid, mod_fastcgi) or LiteSpeed
  • Cron Jobs
  • SSH access
  • OS commands or system tools

In shared hosting, this CageFS features offers a lot of benefits to server owners, with regard to both security and resource control. These benefits include:

  1. Users will be prevented from viewing files or details of other users in the same server.
  2. We can allow only safe binaries to be executed by the users, and protect the server.
  3. Users will not be able to tamper with server configuration files intentionally or accidentally.
  4. Users will have only a limited view of /proc system and will not be able to see other users’ processes in the server.
  5. CageFS helps to prevent server from symlink attacks.
  6. Inspite of being in ‘cage’, users will still have a fully functional environment to perform their tasks.
  7. Users can select the PHP version that they want for their websites, using the PHP selector module.

 

How to enable CageFS in cPanel servers

CageFS can be installed in CloudLinux servers with minimum 7GB free disk space. Depending on the number of users and setup, the disk usage for users and skeleton directory is determined.

CageFS installation can be done with just 2 simple commands. The first command installs CageFS and second one creates skeleton directory of around 7GB.

yum install cagefs
/usr/sbin/cagefsctl --init

 

In servers without adequate disk space in /usr partition, we configure the skeleton directory in another partition with enough space. Additional home directories are configured in WHM based on this.

In cPanel servers with CloudLinux, CageFS can be easily managed using CageFS plugin for cPanel via the WHM.

 

CageFS interface in cPanel/WHM

 

 

By default CageFS is disabled for all users. This interface helps to enable and disable CageFS for user accounts in the server.

 

How to enable PHP Selector for CageFS users

For enabling the PHP Selector feature for users, we install the ‘alt-php’ package and update the CageFS and LVE manager to reflect that change.

In cPanel/WHM server, make sure ‘Select PHP version is enabled‘ in Feature Manager. The feature will now show up in user’s cPanel user ‘Software’ section.

 

CageFS enabled for user

Need assistance to install CageFS in your cPanel server? Click here to talk to our experts. We’re online 24/7.

 

Managing CageFS in cPanel servers – How to fix the issues that pop up

CageFS feature can present some issues in website functioning, if follow-up configuration and management are not properly done.

1. Website functionality issues

Once this PHP selector feature is enabled, using custom php.ini files in public_html folder will break the site.

Fix: In CageFS accounts, custom PHP settings have to be done via cPanel “Edit PHP settings” section.

2. Command not found errors

For the CloudLinux setup, all the RPM packages or commands are not directly available to all users. Each user has a separate caged command binary folder.

When users try to execute commands that are not allowed in the path of CageFS for that user, they will get ‘command not found’ error.

Fix: Any new RPM package or command installed in the server is added to the CageFS of the users who need to execute them.

To add paths to commands and files for CageFS users, the configuration file /etc/cagefs/conf.d/custom.cfg has to be updated. The full paths to commands are added, separated by commas.

For Yum based packages, the package is added to CageFS with the command:

cagefsctl --addrpm <packagename>

 

After the changes, CageFS user configuration is updated with this command, and users will now be able to execute commands without errors.

cagefsctl --force-update

3. WHM error in CageFS interface

At times, CageFS WHM interface can give timeout errors occasionally, if the packages are outdated.

[A fatal error or timeout occurred while processing this directive.] [A warning occurred while processing this directive.]

 

Fix: We update the RPM packages using “yum update” command. In cases where issue persists, we re-initiate CageFS in server.

/usr/sbin/cagefsctl --reinit

 

Facing errors in cPanel servers? Click here to fix them instantly.

Conclusion

Today we saw how ourSupport Engineers configure and manage cPanel servers for web hosting providers, to ensure a fully functional environment for the account owners.

 

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

SEE SERVER ADMIN PLANS

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF