What is CloudLinux?
CloudLinux Overview
If you have multiple cPanel accounts and domains on your server, you may want to look into CloudLinux as a way to help restrict the amount of memory each user can access with their site. CloudLinux partitions, allocates and limits server resources like memory, CPU and connections for each user. This makes sure that users don’t jeopardize the stability of the server and cause sites to slow down or, in the worst case, stop loading completely.
LVE Manager in CloudLinux
The CloudLinux kernel uses Lightweight Virtual Environment (LVE), a technology that has common roots with container-based virtualization: it uses cgroups (control groups), which limit, account for and isolate the resource usage of a collection of processes. The goal of LVE is to make sure that no single website will bring down your server. LVE prevents a single site from consuming all CPU, IO and memory resources and Apache processes.
The LVE Manager in CloudLinux allows you to:
- Limit resources per single account.
- Create and apply default packages.
- View usage history per account.
- Identify abusers and take corrective actions.
- Identify top users and up-sell to higher-end plans.
LVE Manager Controls include the ability to limit the following:
- Memory
CloudLinux is able to identify, in real time, the amount of memory actually used by an end customer’s processes. Physical memory limits are especially effective in preventing out of memory (OOM) issues and customers’ ballooning memory usage, which destroys caches and causes server overload.
- IO
IO limits restrict the data throughput for the customer. They are measured in KB/s. Because IO is one of the scarcest resources in shared hosting, the ability to put an upper limit on customer use is vital.
- CPU
CPU limits establish the maximum amount of CPU resources that an account can use. When a user hits the CPU limit, processes within that limit are slowed down. CPU limits are crucial in preventing CPU usage spikes, which can often make servers slow and unresponsive.
- Number of Processes
Number of processes limits control the total number of processes within LVE. Once the limit is reached, no new process can be created until another one has finished. This effectively prevents fork bombs and similar DoS attacks.
- Entry Processes
The best way to think about this type of limit is as the number of web scripts that can be executed in parallel by visitors to a site. These limits are important in preventing single sites from hogging all Apache slots, thus causing Apache to be unresponsive.
- Inode
An inode is a data structure on a file system that is used to keep information about a file or a folder. The number of inodes indicates the number of files and folders an account has. Inode limits work on the level of disk quota.
CageFS
CageFS is a virtualized file system and set of tools that contains each user in its own “cage.” This allows each site to have its own functional system tools and files without intruding on another site’s space.
CageFS makes only safe binaries available, keeps users from seeing other users and provides no way to detect the presence of other users and their usernames on the server. Server configuration files, such as Apache config files, are kept away from the user, and the user gets only a limited view of the /proc file system.
CageFS will cage any script execution done via:
- Apache (suexec, suPHP, mod_fcgid, mod_fastcgi)
- LiteSpeed Web Server
- Cron Jobs
- SSH
- Any other PAM enabled service
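One way to check the isolation described above from inside a hosted account (over SSH or from a cron job), as an added example that is not CloudLinux's own tooling. The function names and the UID range treated as "hosting accounts" are assumptions, and the script assumes a caged account should see neither other UIDs' processes in /proc nor other accounts in /etc/passwd:

```python
# Added example: run as a hosted user to see what the account can observe.
import os
import sys


def foreign_pids(proc_root="/proc", my_uid=None):
    """Return PIDs visible under proc_root that belong to another UID."""
    my_uid = os.getuid() if my_uid is None else my_uid
    found = []
    for name in os.listdir(proc_root):
        if not name.isdigit():          # skip /proc/self, /proc/meminfo, ...
            continue
        try:
            owner = os.stat(os.path.join(proc_root, name)).st_uid
        except OSError:                 # process exited while we were scanning
            continue
        if owner != my_uid:
            found.append(int(name))
    return sorted(found)


def other_accounts(passwd_text, my_uid, min_uid=1000, max_uid=65534):
    """Return names of other regular accounts listed in passwd_text.

    Assumption: hosting accounts have min_uid <= UID < max_uid; adjust both
    bounds to match how the server allocates UIDs.
    """
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue                    # comment, blank or malformed line
        uid = int(fields[2])
        if min_uid <= uid < max_uid and uid != my_uid:
            names.append(fields[0])
    return names


def main():
    pids = foreign_pids()
    with open("/etc/passwd") as fh:
        users = other_accounts(fh.read(), os.getuid())
    print(f"processes of other UIDs visible in /proc: {len(pids)}")
    print(f"other hosting accounts visible in /etc/passwd: {len(users)}")
    return 1 if pids or users else 0    # non-zero exit: something is visible


if __name__ == "__main__":
    sys.exit(main())
```

Run it once per entry path you care about (SSH session, cron job, a web-executed script), since each is caged separately and a gap in one does not show up in the others.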
MySQL Governor
The MySQL governor will monitor and restrict MySQL usage in the shared environment. It can kill off slow SELECT queries and has multiple modes of operations depending on the configuration.
MySQL Governor supports the following limits:
- CPU
Measured as a percentage, this is CPU speed relative to one core; 150% would mean one and a half cores.
- READ
Measured in bytes, it is the total bytes read. Cached reads are not counted, only those that are actually read from the disk.
- WRITE
Also measured in bytes, it is the total bytes written. Cached writes are not counted; data is counted only once it is actually written to disk.
PHP Selector
This is a component that allows each user to select the PHP version and module based on their needs. It is compatible with suPHP, mod_fcgid, CGI (suexec), and LiteSpeed.
Compatibility Issue: CloudLinux PHP Selector is not compatible with mod_php/DSO, mod_ruid2, MPM ITK or PHP_FPM.
SecureLinks
One of the kernel settings within CloudLinux is SecureLinks. This allows for comprehensive protection against symbolic link attacks.