/bin/cat: /var/.cagefs/.cagefs.token: Permission denied

Yesterday, one of our customers reported an issue with a PHP mail form that was using mail() function to send outgoing emails. The problem was simple, it was unable to send any emails usign that form.

We were able to reproduce the problem, and determined that the problem was caused by CloudLinux CageFS security.

The error was logged inside Apache’s error_log and was captured using tail and grep against my network IP while doing trying to reproduce the problem:

tail -f /usr/local/apache/logs/error_log | grep XX.XX.XX.XX

This was the exact error:

/bin/cat: /var/.cagefs/.cagefs.token: Permission denied
You are not authorized to run this command

It seems CageFS was restricting the use of /bin/cat binary, and that was the reason it was unable to send outgoing email (doesn’t have any sense I know, as ‘cat’ command wasn’t inside the email form code)

The quick fix was to disable CafeFS for this user in particular:

/usr/sbin/cagefsctl --disable user

In order to check if this was sucessfully disabled it can be confirmed using:

/usr/sbin/cagefsctl --list-disabled

This is not the definitive solution, for a quick fix while you can investigate a real fix while keeping CafeFS enabled.

About the Author: Martin Keler

Leave a Reply

Your email address will not be published. Required fields are marked *