![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to security.txt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / lighttpd / doc / outdated|
Return to security.txt CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / lighttpd / doc / outdated |
1.1 misho 1: =================
2: Security Features
3: =================
4:
5: ------------
6: Module: core
7: ------------
8:
9: :Author: Jan Kneschke
10: :Date: $Date: 2004/08/29 09:44:53 $
11: :Revision: $Revision: 1.2 $
12:
13: :abstract:
14: lighttpd was developed with security in mind ...
15:
16: .. meta::
17: :keywords: lighttpd, security
18:
19: .. contents:: Table of Contents
20:
21: Description
22: ===========
23:
24: Limiting POST requests
25: ----------------------
26:
27:
28:
29: ::
30:
31: server.max-request-size = <kbyte>
32:
33: System Security
34: ---------------
35:
36: Running daemons as root with full privileges is a bad idea in general.
37: lighttpd runs best without any extra privileges and runs perfectly in chroot.
38:
39: Change Root
40: ```````````
41:
42: server.chroot = "..."
43:
44: Drop root privileges
45: ````````````````````
46:
47: server.username = "..."
48: server.groupname = "..."
49:
50: FastCGI
51: ```````
52:
53: fastcgi + chroot
54:
55: Permissions
56: ```````````
57:
58: ::
59:
60: $ useradd wwwrun ...