=================
Security Features
=================

------------
Module: core
------------

:Author: Jan Kneschke
:Date: $Date: 2004/08/29 09:44:53 $
:Revision: $Revision: 1.2 $

:abstract:
  lighttpd was developed with security in mind ...

.. meta::
  :keywords: lighttpd, security

.. contents:: Table of Contents

Description
===========

Limiting POST requests
----------------------

::

  server.max-request-size = <kbyte>

System Security
---------------

Running daemons as root with full privileges is a bad idea in general.
lighttpd runs best without any extra privileges and runs perfectly in chroot.

Change Root
```````````

::

  server.chroot = "..."

Drop root privileges
````````````````````

::

  server.username = "..."
  server.groupname = "..."

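The order of operations behind a chroot followed by a privilege drop, as an added C example (not lighttpd's own code and not part of the original page). The helper name ``confine_and_drop`` is hypothetical, and ``/srv/www`` and ``wwwrun`` are constructed sample values standing in for ``server.chroot``, ``server.username`` and ``server.groupname``.

```c
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine the process to `root`, then give up root.
 * Returns 0 on success or a negative number naming the step that failed. */
int confine_and_drop(const char *root, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)    return -1; /* "dropping" to root drops nothing */
    if (chroot(root) != 0)       return -2; /* needs root, so it comes first */
    if (chdir("/") != 0)         return -3; /* leave no cwd outside the new root */
    if (setgroups(0, NULL) != 0) return -4; /* clear supplementary groups */
    if (setgid(gid) != 0)        return -5; /* group before user: setgid() */
    if (setuid(uid) != 0)        return -6; /*   fails once the uid is non-root */
    if (setuid(0) == 0)          return -7; /* root must not be recoverable */
    return 0;
}

int main(void)
{
    /* Constructed sample values standing in for server.chroot,
     * server.username and server.groupname. */
    const char *root = "/srv/www", *user = "wwwrun", *group = "wwwrun";

    /* Resolve names before chroot(): /etc/passwd and /etc/group are
     * normally not present inside the new root. */
    struct passwd *pw = getpwnam(user);
    struct group *gr = getgrnam(group);
    if (pw == NULL || gr == NULL) {
        fprintf(stderr, "unknown user or group\n");
        return 1;
    }
    int rc = confine_and_drop(root, pw->pw_uid, gr->gr_gid);
    if (rc != 0) {
        fprintf(stderr, "refusing to serve: step %d failed\n", rc);
        return 1;
    }
    printf("running as uid=%d gid=%d inside %s\n",
           (int)getuid(), (int)getgid(), root);
    return 0;
}
```

Started without root, the helper fails at the ``chroot()`` step and returns -2, so a misconfigured start is refused rather than served unconfined.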

FastCGI
```````

fastcgi + chroot

Permissions
```````````

::

  $ useradd wwwrun ...