Hi All,
CageFS and PHP Selector are two major components of CloudLinux.
CageFS is a virtualized file system and a set of tools to contain each user in its own ‘cage’. Each customer will have its own fully functional CageFS, with all the system files, tools, etc…
The benefits of CageFS are:
1. Only safe binaries are available to the user.
2. A user will not see any other users, and has no way to detect the presence of other users or their user names on the server.
3. A user will not be able to see server configuration files, such as Apache config files.
4. Users will have a limited view of the /proc file system, and will not be able to see other users' processes.
PHP Selector is a CloudLinux component that sits on top of CageFS. It allows each user to select a PHP version and modules based on their needs. PHP Selector requires the account to have CageFS enabled in order to work.
=========
CAGEFS
=========
Installation
—————
To install CageFS:
$ yum install cagefs
$ /usr/sbin/cagefsctl --init
That last command will create a skeleton directory that might be around 7GB in
size. If you don’t have enough disk space in /usr/share, use the following
commands to place cagefs-skeleton in a different location:
$ mkdir /home/cagefs-skeleton
$ ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton
On cPanel servers, if you place the skeleton in the /home directory, you
must configure the following option in WHM:
WHM -> Server Configuration -> Basic cPanel/WHM Setup -> Basic
Config -> Additional home directories
Change the value to blank (not the default “home”).
Without changing this option, cPanel will create new accounts in incorrect
places.
CageFS will automatically detect and configure all necessary files for:
• cPanel
• Plesk
• DirectAdmin
• ISPmanager
• Interworx
• MySQL
• PostgreSQL
• LiteSpeed
Managing Users
———————-
CageFS provides two modes of operation:
1. Enabled for all, except those that are disabled
2. Disabled for all, except those that are enabled
Mode #1 is convenient for production operation, where you want all new users
to automatically be added to CageFS.
Mode #2 is convenient while you test CageFS, as it allows you to enable it
one by one for your customers.
To start using CageFS you have to select one of the modes of operation:
$ /usr/sbin/cagefsctl --enable-all
or
$ /usr/sbin/cagefsctl --disable-all
or
$ /usr/sbin/cagefsctl --toggle-mode
That will switch the operation mode, preserving the current disabled/enabled
users.
To enable an individual user:
$ /usr/sbin/cagefsctl --enable [username]
To disable an individual user:
$ /usr/sbin/cagefsctl --disable [username]
To list all enabled users:
$ /usr/sbin/cagefsctl --list-enabled
To list all disabled users:
$ /usr/sbin/cagefsctl --list-disabled
To see the current mode of operation:
$ /usr/sbin/cagefsctl --display-user-mode
Command line tools
—————————
cagefsctl is used to manage CageFS. It allows you to initialize and update
CageFS, as well as enable/disable CageFS for individual users.
$ man cagefsctl
==========
PHP SELECTOR
==========
PHP Selector is a CloudLinux component that sits on top of CageFS. It allows
each user to select a PHP version and modules based on their needs. PHP Selector
requires the account to have CageFS enabled in order to work.
Installation
—————
The installation of PHP Selector presumes that you already have CageFS & LVE
Manager installed.
Installation of different versions of PHP & modules:
$ yum groupinstall alt-php
Update CageFS & LVE Manager with support for PHP Alternatives:
$ yum update cagefs lvemanager
Command Line Tools
—————————-
/usr/bin/cl-selector is the tool used to select the version of the PHP
interpreter inside CageFS
-l | --list : List available alternatives for item specified
-L | --list-extensions : List available extensions for a user
-e | --enable : Enable an extension for a user
-i | --interpreter : Specify an interpreter for an extension (e.g. php)
-d | --disable : Disable an extension for a user
-a | --all : Show available extensions for a user
-c | --current : Print alternative currently in use for a user
-u | --user : Specify a user
-v | --version : Specify a version for an alternative
-s | --select : Select an alternative to be used
-p | --prove : Print if CageFS enabled for a given user
-r | --reload : Reload specified processes for a given user
-b | --backup : backup linkage configuration for a user
-q | --quiet : Suppress error messages
-h | --help : Print this message
Individual PHP.ini files
——————————
The file alt_php.ini is located in /etc/cl.php.d/alt-phpXX (XX is the PHP version,
like 52 or 53). The file contains the PHP extension settings and extension
directives selected by the customer. This file exists for each customer, for each
PHP version.
This file has to be updated using cagefsctl --rebuild-alt-php-ini after
updating the alt-php RPMs.
The admin can change individual settings for PHP extensions by changing that
extension’s ini file, like editing
/opt/alt/php54/etc/php.d.all/eaccelerator.ini
and then running
$ cagefsctl --rebuild-alt-php-ini
to propagate the change.
Using PHP Selector
————————
Once PHP Selector is installed you will see a “Selector” tab in LVE Manager.
PHP Selector lets you select the default PHP version, as well as the modules that
will be available to users out of the box. Inside cPanel, users will be able
to change the PHP version they have, as well as the modules that they want to
use.
End user directories
—————————
The following files and directories are created inside CageFS for each customer:
/etc/cl.selector -> php binaries symbolic links
/usr/selector/php -> native PHP binaries
/etc/cl.php.d/alt-php* -> links to enabled modules,
like:
/etc/cl.php.d/alt-php54/fileinfo.ini -> /opt/alt/php54/etc/php.d.all/fileinfo.ini
Compiling your own extensions
—————————————-
If you decide to build an extension on your own, you need to
build it for each and every supported version of PHP that you have installed.
The module installation process is the same as you would do for any other
module.
The only difference is that you have to explicitly use the correct version of
phpize. For PHP 5.2, you would use:
/opt/alt/php52/usr/bin/phpize
And for PHP 5.3 you would use:
/opt/alt/php53/usr/bin/phpize
Once you have a module compiled:
• add ini files for modules to /opt/alt/phpXX/etc/php.d.all
• add so files to /opt/alt/phpXX/usr/lib/php/modules
• execute cagefsctl --setup-cl-selector
Roll your own PHP
————————
To add your own PHP version in PHP Selector:
1. Create a directory in /opt/alt (like: /opt/alt/php51), and mimic the directory
structure inside to be similar to the one for PHP versions bundled by
CloudLinux.
2. Put all the ini files for all the modules into /opt/alt/php51/etc/php.d.all
3. Create symbolic link /opt/alt/php51/etc/php.d -> /etc/cl.php.d/alt-php51
4. Place all so files into /opt/alt/php51/usr/lib/php/modules
5. Add the absolute path to the PHP binaries into /etc/cl.selector/selector.conf using
the following format:
php     5.1 5.1.2 /opt/alt/php51/usr/bin/php-cgi
php-cli 5.1 5.1.2 /opt/alt/php51/usr/bin/php
php-fpm 5.1 5.1.2 /opt/alt/php51/usr/sbin/php-fpm
^       ^   ^     ^----- absolute path
|       |   |----------- real version
|       |--------------- version to display
|----------------------- binary to ‘substitute’
6. Execute cagefsctl --setup-cl-selector
The new version of PHP should now be available for selection in PHP Selector.
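An added example (not part of the original post and not CloudLinux code): a small shell linter for the selector.conf format shown above, meant to be run before cagefsctl --setup-cl-selector. The function name check_selector_conf, the rule that blank lines and '#' comments are skipped, and the write-permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a selector.conf-style file. Fields per line, as in the post:
#   <binary to substitute> <version to display> <real version> <absolute path>
# Usage: check_selector_conf /etc/cl.selector/selector.conf
check_selector_conf() {
    conf=$1
    bad=0
    lineno=0
    while read -r name shown real path extra || [ -n "$name" ]; do
        lineno=$((lineno + 1))
        # Assumption of this linter: blank lines and '#' comments are skipped.
        case $name in ''|'#'*) continue ;; esac
        problem=
        if [ -z "$path" ] || [ -n "$extra" ]; then
            problem="expected exactly 4 fields"
        else
            case $path in
                /*) ;;
                *) problem="path is not absolute: $path" ;;
            esac
        fi
        # The entry must point at a real, executable binary.
        if [ -z "$problem" ] && { [ ! -f "$path" ] || [ ! -x "$path" ]; }; then
            problem="not an executable file: $path"
        fi
        # Extra hardening check (not from the post): an interpreter handed to
        # every caged user should not be writable by group or others.
        if [ -z "$problem" ] &&
           [ -n "$(find -H "$path" \( -perm -020 -o -perm -002 \))" ]; then
            problem="group- or world-writable: $path"
        fi
        if [ -n "$problem" ]; then
            echo "$conf:$lineno: $problem" >&2
            bad=$((bad + 1))
        fi
    done < "$conf"
    # Exit status 0 only when every entry passed.
    [ "$bad" -eq 0 ]
}
```

The function prints one line per rejected entry to stderr and returns non-zero if any entry failed, so it can gate the cagefsctl call in a deployment script.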