CloudLinux by default installs /etc/cagefs/exclude/systemuserlist with usernames that do not exist in system. If client buys account named like one of those usernames (e.g. varnish) or reseller creates user named like one of those usernames, then that user will be outside CageFS with access to full user list and files outside CageFS. Tested on CloudLinux+DirectAdmin system. Task CAG-940. I was sent here from #64992. First 3 ways to bypass CageFS reported by us were fixed by You, now does not even answer (tried to report db_governor crash by unprivileged user from CageFS #64282) and You ask to publish 4th way to bypass CageFS here. What is going on?