Base Home Directory

Navigation:  CageFS > Configuration >

Base Home Directory

Previous pageReturn to chapter overviewNext page

If you have a custom setup where home directories are in a special format, like: /home/$USERNAME/data, you can specify it using regular expressions. This is needed by CageFS to create safe home space for end user, where no other users are visible.

 

We will create empty: /var/cagefs/[prefix]/$USERNAME/home, and then mount /home/$USERNAME in that directory

 

To do that, create file: /etc/cagefs/cagefs.base.home.dirs

 

With content like:

 

^/home/
^/var/www/users/

 

If there is no such file, the home directory without last component will be considered as a base dir, like with

/home/$USERNAME we would create /var/cagefs/[prefix]/$USERNAME/home, and then mount

/home/$USERNAME in there

 

WIth /home/$USERNAME/data as a home dir, we would assume that /home/$USERNAME is the base directory, and we would create /var/cagefs/[prefix]/$USERNAME/home/$USERNAME/data and then we would mount /home/$USERNAME/data -- which would cause each user to see empty base directories for other users, exposing user names.

 

 

Sharing home directory structure among users

 

When you want to share directory structure among multiple users, you can add following line at the top of the /etc/cagefs/cagefs.base.home.dirs file. This is useful on the systems that support sites with multiple users, with different home directories inside main 'site' directory.

mount_basedir=1

 

 

For example:

 

user1 has home directory /var/www/vhosts/sitename.com/web_users/user1

user2 has home directory /var/www/vhosts/sitename.com/web_users/user2

site admin has home directory /var/www/vhosts/sitename.com

 

So, content of /etc/cagefs/cagefs.base.home.dirs should be the following:

 

mount_basedir=1
^/var/www/vhosts/[^/]+

 

Directory structure in /var/www/vhosts/sitename.com will be mounted in CageFS for appropriate users.

Each user will have access to whole directory structure in /var/www/vhosts/sitename.com (according to their permissions).

 

* Note: you should execute cagefsctl --remount-all in order to apply changes to CageFS (i.e. remount home directories).