On Wed, Mar 17, 2010 at 7:23 PM, Marco d'Itri <m...@linux.it> wrote:
> On Mar 10, Olaf van der Spek <olafvds...@gmail.com> wrote:
>
>> Would it be possible to start FastCGI processes via spawn-fcgi and to run
>> Lighttpd as another user than www-data (maybe user lighttpd)?
>> I think this improves security as FastCGI processes can no longer touch
>> Lighttpd (and its log files).
>
> I believe that the correct solution would be to start the FastCGI
> processes as a different user (or multiple different users, e.g. one per
> web site or site component).
> This would not require changing the lighttpd default configuration.

There are packages like phpmyadmin that depend on www-data, so you can't
just change that.
The Lighttpd defaults have to change anyway as now it starts PHP itself.

Olaf
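
The separation discussed in this thread, as an added example that is not part of the original messages or of the Debian package: a dry run that prints one spawn-fcgi command per site user and checks, with the classic owner/group/other rules, which users could write lighttpd's log. The site names, the `fcgi-<site>` users, `/run/fcgi`, `/usr/bin/php-cgi` and the log's ownership and mode are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: sites "blog" and "shop",
# users fcgi-<site>, socket directory /run/fcgi, PHP binary /usr/bin/php-cgi.
WEB_USER=www-data   # user lighttpd runs as, per the thread
SOCK_DIR=/run/fcgi
PHP_CGI=/usr/bin/php-cgi

# Print the spawn-fcgi command line for one site (dry run; execute it as root).
#   -u/-g  user and group the FastCGI process runs as
#   -s     Unix socket to listen on
#   -U/-M  socket owner and mode: only the web server user may connect
spawn_cmd() {
    printf 'spawn-fcgi -u fcgi-%s -g fcgi-%s -s %s/%s.sock -U %s -M 0600 -- %s\n' \
        "$1" "$1" "$SOCK_DIR" "$1" "$WEB_USER" "$PHP_CGI"
}

# can_write USER "GROUPS" OWNER GROUP MODE
# Classic owner/group/other check (no ACLs, USER is not root): returns 0 if USER,
# a member of the space-separated GROUPS, may write a file OWNER:GROUP with octal MODE.
can_write() {
    if [ "$1" = "$3" ]; then
        bits=$(( (0$5 >> 6) & 7 ))
    else
        case " $2 " in
            *" $4 "*) bits=$(( (0$5 >> 3) & 7 )) ;;
            *)        bits=$(( 0$5 & 7 )) ;;
        esac
    fi
    [ $(( bits & 2 )) -ne 0 ]
}

# Constructed sample: lighttpd's error log owned www-data:www-data, mode 640.
for u in www-data fcgi-blog fcgi-shop; do
    if can_write "$u" "$u" "$WEB_USER" "$WEB_USER" 640; then
        echo "$u: CAN write the lighttpd log"
    else
        echo "$u: cannot write the lighttpd log"
    fi
done
spawn_cmd blog
spawn_cmd shop
```

On the lighttpd side each site's FastCGI backend would then point at its own socket, and `/run/fcgi` has to be searchable by `www-data`.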