[pkg-lighttpd] Bug#573320: lighttpd: Don't run Lighttpd as www-data

Marco d'Itri md at Linux.IT
Wed Mar 17 18:23:55 UTC 2010


On Mar 10, Olaf van der Spek <OlafvdSpek at GMail.Com> wrote:

> Would it be possible to start FastCGI processes via spawn-fcgi and to run Lighttpd as another user than www-data (maybe user lighttpd)?
> I think this improves security as FastCGI processes can no longer touch Lighttpd (and it's log files).

I believe that the correct solution would be to start the FastCGI
processes as a different user (or multiple different users, e.g. one per
web site or site component).
This would not require changing the lighttpd default configuration.

-- 
ciao,
Marco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-lighttpd-maintainers/attachments/20100317/096f4f68/attachment.pgp>


More information about the pkg-lighttpd-maintainers mailing list