Shared hosting environments present unique security and stability challenges, as a misbehaving or compromised account can impact all other users on the same server. CloudLinux addresses these challenges with kernel-level resource isolation, hardened PHP environments, and a caged filesystem that prevents users from accessing each other's files.
CloudLinux Features for Hosting Providers
Lightweight Virtual Environment (LVE) is CloudLinux's core technology, providing per-user resource limits for CPU, memory, I/O, and the number of concurrent processes. When a user's script hits its resource ceiling, only that account is throttled, preventing one busy site from degrading performance for everyone else on the server. LVE Manager provides a web-based interface for setting and adjusting these limits.
CageFS creates an isolated virtual filesystem for each user, hiding system files and other users' home directories. Within CageFS, a user can only see their own files, a minimal set of system binaries, and the shared libraries needed to run their applications. This prevents information disclosure attacks where a PHP script might read /etc/passwd, probe other users' files, or discover server configuration details.
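One way to check the isolation described above from inside an account, as an added example that is not CloudLinux's own tooling: the function names, the UID range used to tell customer accounts from system accounts, and the /home layout are assumptions.

```shell
#!/bin/sh
# Added example: report which other tenants one account's view exposes.
# Assumptions: customer accounts have UIDs from 1000 up to 59999 and
# their home directories sit directly under a single home root.

# foreign_accounts PASSWD_FILE OWN_USER [MIN_UID]
# Prints login names of customer accounts other than OWN_USER.
foreign_accounts() {
    awk -F: -v me="$2" -v min="${3:-1000}" \
        '$3 >= min && $3 < 60000 && $1 != me { print $1 }' "$1"
}

# foreign_homes HOME_ROOT OWN_USER
# Prints visible directories under HOME_ROOT that are not OWN_USER's.
foreign_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue          # glob matched nothing
        name=$(basename "$d")
        [ "$name" = "$2" ] || echo "$name"
    done
}

# audit_view PASSWD_FILE HOME_ROOT OWN_USER
# Returns 0 when no other tenant is visible, 1 otherwise.
audit_view() {
    leaks=$( { foreign_accounts "$1" "$3"; foreign_homes "$2" "$3"; } | sort -u )
    if [ -n "$leaks" ]; then
        echo "visible tenants: $(echo "$leaks" | tr '\n' ' ')"
        return 1
    fi
    echo "isolated"
    return 0
}
```

Run as the hosting account itself, for example from a cron job or SSH session: `audit_view /etc/passwd /home "$(id -un)"`. A non-zero exit means the account can enumerate other customers and its filesystem view should be reviewed.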
HardenedPHP provides extended security support for older PHP versions that the upstream PHP project no longer maintains. Many shared hosting customers run legacy applications that require PHP 5.2, 5.3, or 5.4, and HardenedPHP backports critical security patches to these versions. Combined with PHP Selector, which lets each user choose their PHP version, CloudLinux helps hosting providers support a wide range of customer applications securely.