61 lines
852 B
Plaintext
61 lines
852 B
Plaintext
|
=================
|
||
|
|
Security Features
|
||
|
|
=================
|
||
|
|
|
||
|
|
------------
|
||
|
|
Module: core
|
||
|
|
------------
|
||
|
|
|
||
|
|
:Author: Jan Kneschke
|
||
|
|
:Date: $Date: 2004/08/29 09:44:53 $
|
||
|
|
:Revision: $Revision: 1.2 $
|
||
|
|
|
||
|
|
:abstract:
|
||
|
|
lighttpd was developed with security in mind ...
|
||
|
|
|
||
|
|
.. meta::
|
||
|
|
:keywords: lighttpd, security
|
||
|
|
|
||
|
|
.. contents:: Table of Contents
|
||
|
|
|
||
|
|
Description
|
||
|
|
===========
|
||
|
|
|
||
|
|
Limiting POST requests
|
||
|
|
----------------------
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
::
|
||
|
|
|
||
|
|
server.max-request-size = <kbyte>
|
||
|
|
|
||
|
|
System Security
|
||
|
|
---------------
|
||
|
|
|
||
|
|
Running daemons as root will full privileges is a bad idea in general.
|
||
|
|
lighttpd runs best without any extra privileges and runs perfectly in chroot.
|
||
|
|
|
||
|
|
Change Root
|
||
|
|
```````````
|
||
|
|
|
||
|
|
server.chroot = "..."
|
||
|
|
|
||
|
|
Drop root-privileges
|
||
|
|
````````````````````
|
||
|
|
|
||
|
|
server.username = "..."
|
||
|
|
server.groupname = "..."
|
||
|
|
|
||
|
|
FastCGI
|
||
|
|
```````
|
||
|
|
|
||
|
|
fastcgi + chroot
|
||
|
|
|
||
|
|
Permissions
|
||
|
|
```````````
|
||
|
|
|
||
|
|
::
|
||
|
|
|
||
|
|
$ useradd wwwrun ...
|