CloudLinux is a hosting-oriented Linux distribution based on CentOS. It uses the LVE (Lightweight virtual environment) kernel technology that is similar to OpenVZ in some aspects or to other OS-based virtualization technologies.
In shared hosting, the most common downtime reason is a single account grabbing most of the shared resources due to heavy site(-s) or unoptimized script(-s). CloudLinux OS is designed especially for servers being used in this way, making the situation where one or several users cause severe load or even hang up the server impossible.
CloudLinux improves server stability by encapsulating each client in a secure, isolated environment. It means that each user on the server is limited by the number of resources it can use, being placed in a so-called ‘container’ (separated operating environment).
The following diagram demonstrates the work of the Traditional server environment vs. CloudLinux:
Additionally, CloudLinux includes CageFS, a virtualized file system, a set of tools to contain each user in its own ‘cage’. Each customer has its own fully functional CageFS with all the system files, tools, etc.
The benefits of CageFS:
- Only safe binaries are available to the user
- The user will not see any other users and would have no way to detect the presence of other users & their user names on the server
- The user will not be able to see server configuration files, such as Apache config ones
- The user will have a limited view of the /proc file system and will not be able to see other users’ processes
CageFS will also cage any scripts execution, so in case any executable malware is opened in a different cPanel account, it will not reach the other ones in any way
The benefits of CloudLinux:
- Isolates the users from each other to avoid the neighbor effect
- Prevents users from seeing configuration files or any other private information
- Allows the monitoring and controlling limits, such as CPU, RAM, and I/O usage
- Monitors and operates MySQL usage
- Provides CageFS file system that uniquely encapsulates each customer
- Allows end-users to select PHP versions 5.2-5.6
- Prevents symbolic links attacks
- Compatible with all major control panels