|
Revision 1349, 0.8 kB
(checked in by darix, 2 years ago)
|
|
- merged lighttpd-merge-1.4.x so we finally work in trunk/ ! yeah \o/
|
-
Property svn:eol-style set to
native
|
| Line | |
|---|
| 1 | ================= |
|---|
| 2 | Security Features |
|---|
| 3 | ================= |
|---|
| 4 | |
|---|
| 5 | ------------ |
|---|
| 6 | Module: core |
|---|
| 7 | ------------ |
|---|
| 8 | |
|---|
| 9 | :Author: Jan Kneschke |
|---|
| 10 | :Date: $Date: 2005-03-28T08:30:05.699628Z $ |
|---|
| 11 | :Revision: $Revision: 227 $ |
|---|
| 12 | |
|---|
| 13 | :abstract: |
|---|
| 14 | lighttpd was developed with security in mind ... |
|---|
| 15 | |
|---|
| 16 | .. meta:: |
|---|
| 17 | :keywords: lighttpd, security |
|---|
| 18 | |
|---|
| 19 | .. contents:: Table of Contents |
|---|
| 20 | |
|---|
| 21 | Description |
|---|
| 22 | =========== |
|---|
| 23 | |
|---|
| 24 | Limiting POST requests |
|---|
| 25 | ---------------------- |
|---|
| 26 | |
|---|
| 27 | |
|---|
| 28 | |
|---|
| 29 | :: |
|---|
| 30 | |
|---|
| 31 | server.max-request-size = <kbyte> |
|---|
| 32 | |
|---|
| 33 | System Security |
|---|
| 34 | --------------- |
|---|
| 35 | |
|---|
| 36 | Running daemons as root with full privileges is a bad idea in general. |
|---|
| 37 | lighttpd runs best without any extra privileges and runs perfectly in chroot. |
|---|
| 38 | |
|---|
| 39 | Change Root |
|---|
| 40 | ``````````` |
|---|
| 41 | |
|---|
| 42 | server.chroot = "..." |
|---|
| 43 | |
|---|
| 44 | Drop root privileges |
|---|
| 45 | ```````````````````` |
|---|
| 46 | |
|---|
| 47 | server.username = "..." |
|---|
| 48 | server.groupname = "..." |
|---|
| 49 | |
|---|
| 50 | FastCGI |
|---|
| 51 | ``````` |
|---|
| 52 | |
|---|
| 53 | fastcgi + chroot |
|---|
| 54 | |
|---|
| 55 | Permissions |
|---|
| 56 | ``````````` |
|---|
| 57 | |
|---|
| 58 | :: |
|---|
| 59 | |
|---|
| 60 | $ useradd wwwrun ... |
|---|
