Im looking to have cagefs on my severs for current jailshell users and i have some questions.
Although i see there are a instructions to install in a specific cpanel server, looks like there isnt any plugin or graphical way to active per user as it have currently for jailshell or shell in WHM.
Should i proceed to first disable all the shell/jailshell at cpanel and then enable cagefs for the desired users?
What happen if by error once cagefs is enabled in a user i go ahead and enable cpanel jailshell for that same user, this will somehow create a conflict?
1) I recently went through some hoops to get rssh setup so that i can provide users scp access. so does this actually allow someone to ssh or scp into the server if active without having ssh enabled? I read the docs but really am still unclear.
2) does it only create 1 set of extra binaries (unlike jailshell which creates a new set for every user)?
1. You would still need to enable SSH for the user -- like you would regularly do it. It just that would not see anyone on the server but themselves, and their ability to do any damage (or to discover any info they shouldn\'t be able to discover) highly diminished.
2. Yes, one set of binaries for all.
3. Wait for CageFS 3.0 -- should be coming out tomorrow... or I will start firing my developers
I see beta 3.0 is out and looking the cpanel plugin images i see they are listing the user that you wish to enable/disable cagefs, wondering if it only show the already cpanel jailshell or shell enabled users or it list all the server users?
1. CageFS covers shell, cron jobs and web sessions. Enabling cagefs for the user will make sure that if user executes anything via any of this 3 vectors, it will be caged.
2.You should disable JailShell when using CageFS (as cagefs provides similar infrastructure + more).
3. If user has shell enabled, his shell session will be caged (as long as he has CageFS enabled), if shell is disabled -- he will not have shell access.
Thanx Igor...to clarify, in my case i only provide Jailshell to users so in this case i have to disable jailshell, then enabled Shell and then enable cagefs? Or simply disabling jailshell and enabling cagefs it will automatically enable shell too in cpanel?
Or i have to go to enable shell and then enable cagefs for those users?