lighttpd1.4/doc/security.txt

=================
Security Features
=================

------------
Module: core
------------

:Author: Jan Kneschke
:Date: $Date: 2004/08/29 09:44:53 $
:Revision: $Revision: 1.2 $

:abstract:
  lighttpd was developed with security in mind ...

.. meta::
  :keywords: lighttpd, security

.. contents:: Table of Contents

Description
===========

Limiting POST requests
----------------------


::

   server.max-request-size = <kbyte>

System Security
---------------

Running daemons as root with full privileges is a bad idea in general.
lighttpd runs best without any extra privileges and runs perfectly in chroot.

Change Root
```````````

server.chroot = "..."

Drop root privileges
````````````````````

server.username = "..."
server.groupname = "..."

FastCGI
```````

fastcgi + chroot

Permissions
```````````

::

  $ useradd wwwrun ...
moved everything below trunk/ and added branches/ and tags/ git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@30 152afb58-edef-0310-8abb-c4023f1b3aa9 2005-02-20 14:27:00 +00:00			`=================`
			`Security Features`
			`=================`

			`------------`
			`Module: core`
			`------------`

			`:Author: Jan Kneschke`
			`:Date: $Date: 2004/08/29 09:44:53 $`
			`:Revision: $Revision: 1.2 $`

			`:abstract:`
			`lighttpd was developed with security in mind ...`
- white space cleanup part 2 this time 1.4 ;) i hope it helps with merging stuff back to 1.5 git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9 2006-10-04 13:26:23 +00:00
moved everything below trunk/ and added branches/ and tags/ git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@30 152afb58-edef-0310-8abb-c4023f1b3aa9 2005-02-20 14:27:00 +00:00			`.. meta::`
			`:keywords: lighttpd, security`
- white space cleanup part 2 this time 1.4 ;) i hope it helps with merging stuff back to 1.5 git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9 2006-10-04 13:26:23 +00:00
moved everything below trunk/ and added branches/ and tags/ git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@30 152afb58-edef-0310-8abb-c4023f1b3aa9 2005-02-20 14:27:00 +00:00			`.. contents:: Table of Contents`

			`Description`
			`===========`

			`Limiting POST requests`
			`----------------------`



			`::`

			`server.max-request-size = <kbyte>`

			`System Security`
			`---------------`

updated the latest changes and fixed the typos and wording in the docs (Ryan Schmidt) git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@895 152afb58-edef-0310-8abb-c4023f1b3aa9 2005-12-20 14:02:44 +00:00			`Running daemons as root with full privileges is a bad idea in general.`
moved everything below trunk/ and added branches/ and tags/ git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@30 152afb58-edef-0310-8abb-c4023f1b3aa9 2005-02-20 14:27:00 +00:00			`lighttpd runs best without any extra privileges and runs perfectly in chroot.`

			`Change Root`
			```````````

			`server.chroot = "..."`

updated the latest changes and fixed the typos and wording in the docs (Ryan Schmidt) git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@895 152afb58-edef-0310-8abb-c4023f1b3aa9 2005-12-20 14:02:44 +00:00			`Drop root privileges`
moved everything below trunk/ and added branches/ and tags/ git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@30 152afb58-edef-0310-8abb-c4023f1b3aa9 2005-02-20 14:27:00 +00:00			````````````````````

			`server.username = "..."`
			`server.groupname = "..."`

			`FastCGI`
			```````

			`fastcgi + chroot`

			`Permissions`
			```````````

			`::`

			`$ useradd wwwrun ...`