DSM-G600, DNS-3xx and NSA-220 Hack Forum

dweezil · 2008-08-04 17:03:31

Hi Everyone,

I'm wondering about the level of security I need to run lighttpd with an access outside my network (i.e. the Internet). I'm really concerned about keeping my data away from the internet.

For now, I am running lighttpd as a nobody user (no root rights, shell pointing to /bin/false).

I was thinking about chrooting the lighttpd installation on top of that. Is it too much?

Thanks.

rcblackwell · 2008-08-04 17:48:33

dweezil wrote:
Hi Everyone,

I'm wondering about the level of security I need to run lighttpd with an access outside my network (i.e. the Internet). I'm really concerned about keeping my data away from the internet.

For now, I am running lighttpd as a nobody user (no root rights, shell pointing to /bin/false).

I was thinking about chrooting the lighttpd installation on top of that. Is it too much?

Thanks.

Have you seen http://dns323.kood.org/forum/t793-Reque … httpd.html ?

dweezil · 2008-08-04 18:28:49

Thanks,

I saw that when I set up my lighttpd a while ago and it helped, It's just that some stuff I want to use on my
http server uses a few files from the real root system (/proc files for example) and chrooting removes
access to those files (as far as I know).

I am only asking around if running lighttpd as a non-root user is safe enough.

Cheers

fonz · 2008-08-04 19:55:37

dweezil wrote:
I am only asking around if running lighttpd as a non-root user is safe enough.

Afaik, most web servers a hacked through flawed scripts. lighttpd is a mature server, as good as any other.

DSM-G600, DNS-3xx and NSA-220 Hack Forum

Announcement

#1 2008-08-04 17:03:31

Lighttpd and security

#2 2008-08-04 17:48:33

Re: Lighttpd and security

dweezil wrote:

#3 2008-08-04 18:28:49

Re: Lighttpd and security

#4 2008-08-04 19:55:37

Re: Lighttpd and security

dweezil wrote:

Board footer