Security Features

Module: core

Author: Jan Kneschke
Date: 2004-08-29

Abstract

lighttpd was developed with security in mind ...

Description

System Security

Running daemons as root with full privileges is a bad idea in general. lighttpd runs best without any extra privileges and runs perfectly in chroot.

Change Root

server.chroot = "..."

Drop root privileges

server.username = "..."
server.groupname = "..."

FastCGI

In order to chroot a FastCGI server separately from lighttpd, there are a few extra steps to be aware of. First, configure lighttpd to expect an external FastCGI server, and set the docroot variable relative to the FastCGI server's chroot, rather than relative to lighttpd:

fastcgi.server = (".fcgi" =>
  (
    ( "docroot" => "/directories/past/chroot/"
    )
  )
)

Second, make sure that /bin/sh exists in the FastCGI server's chroot, with precisely that path, since spawn-fcgi depends on its presence inside the chroot.

Finally, pass '-u <user> -g <group> -c /path/to/chroot' as arguments to spawn-fcgi when starting the FastCGI server. As with chrooting lighttpd, it is important to run the FastCGI server as a user without root permissions, because root is able to escape chroot.
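A preflight check for the three steps above, written as an added example that is not part of the original lighttpd documentation. The function name check_fcgi_chroot and the chroot path, user and docroot passed to it are assumptions; run it before starting spawn-fcgi with '-u <user> -g <group> -c /path/to/chroot'.

```shell
#!/bin/sh
# Added example: preflight check for a separately chrooted FastCGI server.
# The function name and all argument values are illustrative assumptions.

# check_fcgi_chroot CHROOT USER DOCROOT
#   CHROOT   directory that will be passed to spawn-fcgi -c
#   USER     account that will be passed to spawn-fcgi -u
#   DOCROOT  "docroot" value from fastcgi.server (path as seen inside CHROOT)
# Prints one line per problem and returns the number of problems found.
check_fcgi_chroot() {
    chroot_dir=$1 user=$2 docroot=$3
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    [ -d "$chroot_dir" ] || fail "chroot $chroot_dir is not a directory"

    # spawn-fcgi needs /bin/sh at exactly this path inside the chroot.
    [ -f "$chroot_dir/bin/sh" ] && [ -x "$chroot_dir/bin/sh" ] \
        || fail "no executable /bin/sh inside $chroot_dir"

    # root can escape a chroot, so the FastCGI user must exist and not be uid 0.
    uid=$(id -u "$user" 2>/dev/null) || uid=
    if [ -z "$uid" ]; then
        fail "user $user does not exist"
    elif [ "$uid" -eq 0 ]; then
        fail "user $user has uid 0 and could escape the chroot"
    fi

    # docroot is interpreted relative to the FastCGI server's chroot,
    # not relative to lighttpd, so it must exist below CHROOT.
    case $docroot in
        /*) [ -d "$chroot_dir$docroot" ] \
                || fail "docroot $docroot not found under $chroot_dir" ;;
        *)  fail "docroot $docroot is not an absolute path" ;;
    esac

    return "$problems"
}
```

The check runs from outside the chroot, so an absolute symlink at bin/sh can resolve to a different file once the process is chrooted, and a dynamically linked shell also needs its libraries inside the chroot.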

Permissions

to be documented

(the above text was originally taken directly from doc/security.txt)

Note that chroot is not the ultimate security feature, but it is a reasonable additional step to take in securing your web server. Most importantly, setting up a chroot without dropping root privileges will have zero effect, as the root user can break out of chroot trivially. On some server platforms, other options such as FreeBSD Jail, Solaris Containers, or virtualized servers may be superior options that don't directly involve the configuration of lighttpd.