Announcement

Collapse
No announcement yet.

How to setup Memcached for caged users in CloudLinux 7 (cPanel)?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to setup Memcached for caged users in CloudLinux 7 (cPanel)?

    All my user accounts have cagefs enabled. Will using a common network interface or unix socket configuration in memcached provide sufficient isolation of cache data across user accounts?

    I have done this so far:

    1) Install memcache service:
    yum install memcached

    2) Configured memcached to listen on port 11211 on localhost:
    nano /etc/sysconfig/memcached

    OPTIONS="-l 127.0.0.1 -U 0"

    3) Enabled memcached php extension for the user in PHP Selector.

    4) Started the memcache service:
    systemctl enable memcached

    5) Checked it's running:
    systemctl status memcached

    5) Checked the port is blocked on the firewall.

    Would be great to hear from anyone who has this working securely in a shared CL7 environment with caged accounts.

    Many thanks!

  • #2
    Unfortunately, due to the nature of memcached it still will use the same storage for all the users and there is no easy way to isolate it. However, this does not mean Memcached is unsecured as applications can still use different keys to maintain the data.

    As far as I know, there were feature requests to cPanel to create plugins for socket per user, but they never made it.

    Comment


    • #3
      Ok great, thanks. I'll use good key prefixes and encryption of data in each app just to be sure. Could use sasl too but as its only localhost available, authentication may be overkill.

      Comment

      Working...
      X