CageFS in cPanel – How to make it work for your servers!
Users in our server are getting the following error when executing an operating system command through PHP. *sh: jpegoptim: command not found*
Recently we were contacted by a server owner whose customer was having issues running a PHP script that executes this command.
In our role as Technical Support Services for web hosting companies, installing, configuring and managing cPanel servers is a major task we perform.
From our detailed investigation, we could see that the error is due to CageFS in cPanel server. Let’s see how it caused ‘command not found’ error and how we fixed it.
What is CageFS? How it benefits your cPanel server?
In CloudLinux servers, each user has their own LVE (Light weight environment). This LVE helps to limit resources per account, and prevent a single user from crashing the server.
LVE feature is based on CageFS, which is a virtualized file system that limits each user within his own cage. Each cage will be fully functional, with its share of system files and tools.
When CageFS is enabled, the following services will be available to each user in an isolated environment, depending on the CageFS configuration.
- Web server such as Apache (suexec, suPHP, mod_fcgid, mod_fastcgi) or LiteSpeed
- Cron Jobs
- SSH access
- OS commands or system tools
In shared hosting, this CageFS features offers a lot of benefits to server owners, with regard to both security and resource control. These benefits include:
- Users will be prevented from viewing files or details of other users in the same server.
- We can allow only safe binaries to be executed by the users, and protect the server.
- Users will not be able to tamper with server configuration files intentionally or accidentally.
- Users will have only a limited view of /proc system and will not be able to see other users’ processes in the server.
- CageFS helps to prevent server from symlink attacks.
- Inspite of being in ‘cage’, users will still have a fully functional environment to perform their tasks.
- Users can select the PHP version that they want for their websites, using the PHP selector module.
How to enable CageFS in cPanel servers
CageFS can be installed in CloudLinux servers with minimum 7GB free disk space. Depending on the number of users and setup, the disk usage for users and skeleton directory is determined.
CageFS installation can be done with just 2 simple commands. The first command installs CageFS and second one creates skeleton directory of around 7GB.
yum install cagefs /usr/sbin/cagefsctl --init
In servers without adequate disk space in /usr partition, we configure the skeleton directory in another partition with enough space. Additional home directories are configured in WHM based on this.
In cPanel servers with CloudLinux, CageFS can be easily managed using CageFS plugin for cPanel via the WHM.
By default CageFS is disabled for all users. This interface helps to enable and disable CageFS for user accounts in the server.
How to enable PHP Selector for CageFS users
For enabling the PHP Selector feature for users, we install the ‘alt-php’ package and update the CageFS and LVE manager to reflect that change.
In cPanel/WHM server, make sure ‘Select PHP version is enabled‘ in Feature Manager. The feature will now show up in user’s cPanel user ‘Software’ section.
Need assistance to install CageFS in your cPanel server? Click here to talk to our experts. We’re online 24/7.
Managing CageFS in cPanel servers – How to fix the issues that pop up
CageFS feature can present some issues in website functioning, if follow-up configuration and management are not properly done.
1. Website functionality issues
Once this PHP selector feature is enabled, using custom php.ini files in public_html folder will break the site.
Fix: In CageFS accounts, custom PHP settings have to be done via cPanel “Edit PHP settings” section.
2. Command not found errors
For the CloudLinux setup, all the RPM packages or commands are not directly available to all users. Each user has a separate caged command binary folder.
When users try to execute commands that are not allowed in the path of CageFS for that user, they will get ‘command not found’ error.
Fix: Any new RPM package or command installed in the server is added to the CageFS of the users who need to execute them.
To add paths to commands and files for CageFS users, the configuration file /etc/cagefs/conf.d/custom.cfg has to be updated. The full paths to commands are added, separated by commas.
For Yum based packages, the package is added to CageFS with the command:
cagefsctl --addrpm <packagename>
After the changes, CageFS user configuration is updated with this command, and users will now be able to execute commands without errors.
3. WHM error in CageFS interface
At times, CageFS WHM interface can give timeout errors occasionally, if the packages are outdated.
[A fatal error or timeout occurred while processing this directive.] [A warning occurred while processing this directive.]
Fix: We update the RPM packages using “yum update” command. In cases where issue persists, we re-initiate CageFS in server.
Facing errors in cPanel servers? Click here to fix them instantly.
Today we saw how our Dedicated Support Engineers configure and manage cPanel servers for web hosting providers, to ensure a fully functional environment for the account owners.