Why CageFS installation changes jailshell to regular bash on cPanel?

During CageFS package installation or update all users with jailshell enabled will have it changed to regular /bin/bash in /etc/passwd .

This is done to avoid possible conflict with virtfs when non-cagefs user enters to virtfs, jailshell copies all mountpoints from cagefs-skeleton to /home/virtfs/$USER . Those mountpoints are duplicated for each user (approx 54 mount point per user).

 

This could result in really large number of mountpoints which could lead to slow system performance. It is secure to provide bash access to users as long as you have CageFS enabled.

Leave a Reply

Your email address will not be published. Required fields are marked *