What is CloudLinux?


#1

What is CloudLinux?

CloudLinux is an optional cPanel/Linux add-on that provides enhancements which are designed to guard against performance spikes, slowdowns, and unexpected downtime as well as additional security enhancements.

Some of the key benefits that CloudLinux brings to cPanel/Linux servers are listed below:

  • Stability:
  • Security:
  • Functionality:

Stability

The CloudLinux environment offers two key features that work to ensure the stability of the server keeping the system from being overwhelmed by rogue processes.

  • LVE Manager
  • MySQL Governor

LVE Manager

The LVE (Lightweight Virtual Environment) manager is a technology that allows System Administrators to restrict the resource allocation to users on an individualized basis. This allows the administrators to impose limitations on resource utilization in the cases of poorly optimized sites or attacks.

System administrators will be able to limit usage based on the following values:

  • Memory: Limits the amount of physical memory usage.
  • IO: restricts the amount of input/output to the disk.
  • CPU: Limits the maximum amount of processing power usage.
  • Number of Processes: restricts the total number of processes allow to a user.
  • Entry Processes: limits the number of parallel processes from a single site visitor.
  • Inode: restricts the number of inodes indicates the number of files and folders an account.

MySQL Governor

The MySQL Governor tracks CPU and disk IO usage for each user and throttles MySQL queries based on the same-per-user LVE limits. This allows the MySQL Governor to proactively identify what users are running abusive queries and will stop the process itself.

Note: The MySQL Governor supports MySQL 5.1 - 5.7 & MariaDB 5.x - 10.x

Security

The CloudLinux OS can also improve the security of the system from an account level which can help to keep issues localize to a single user instead of allowing the issues to affect the whole server. CloudLinux can do this by using the following features:

  • CageFS
  • HardenedPHP
  • SecureLinks

CageFS

CageFS is a virtualized file system that is implemented on a per-user basis. This technology allows a user to be encapsulated uniquely so that the users are not capable of sharing information, cross directory. This provided unparalleled functionality for the user while simultaneously keeping them isolated. Often we see that security measure impede functionality. With CageFS that is not the case, it is practically invisible to the user.

HardenedPHP

The HardenedPHP feature is CloudLinux’s answer to PHP.net community’s affinity for dropping security support of PHP versions. While that is normal for code bases that are actively developing new versions to allocate more time on the new versions, there are a lot of applications that have been built using native functionality of those older versions. HardenedPHP is a method of addressing those security issues allowing for safer use of older PHP version in a shared system.

Note: The emphasis here is that it is safer not that it is necessarily safe. We will always recommend to upgrade where possible and to use caution with older code base versions.

SecureLinks

The SecureLinks feature works to prevent symlink attacks that can take advantage of some of cPanel navigate web processes like the file manager, WebDAV, and webmail. While CageFS is implemented to keep the users separated from each other, SecureLinks will stop attempts from a user to reach within the system and symlink to the sensitive files in the system like password or configuration files

Functionality

CloudLinux also adds a significant amount of functionality that makes the administration of a cPanel system much easier and can improve the performance of the system itself beyond making the system more stable. CloudLinux OS accomplishes this by using the following features:

  • PHP Selector:
  • Mod_Isapi:

PHP Selector

A key feature of the CloudLinux system is the way that it handles unique PHP assignment per user. Built off of the features of the CageFS system, the PHP selector allows users to adjust their PHP version on the fly. While possible without a PHP Selector the implementation of dynamic libraries makes enabling and disabling extensions and modifying key PHP values a breeze.

Note: While cPanel now has a native MultiPHP capability, we have found that the PHP selector offered by CloudLinux can be superior in implementation and easier to manage.

Mod_Isapi

This Apache module is utilized for serving PHP pages and is a replacement for the default SuPHP, FCGID, RUID2, and ITK modules implemented by cPanel environments. Mod_Isapi supports the PHP selector and will be influenced by the PHP directives in the .htaccess file. Comparative to other options like PHP FPM and Mod_fcgid, Mod_Isapi has a low memory footprint with little to no input from the systems administrators. Out of the gate, this is a very effective way to quickly implement resource efficiency for you PHP processes.