Normal user can kill lighttpd process

Added by loinor over 16 years ago

Hi, I found that a normal user can kill the lighttpd process;
the www-data user can also kill the lighttpd process.

If a user uses a phpshell script to execute commands on the server, he can type 'ps' to see the current processes.
Example:

server~# ps
PID TTY TIME CMD
3909 ? 00:00:00 lighttpd
3938 ? 00:00:00 ps
26494 ? 00:00:00 php5-cgi
26499 ? 00:00:00 php5-cgi
26501 ? 00:00:00 php5-cgi
26507 ? 00:00:00 php5-cgi
26538 ? 00:00:00 php5-cgi
26539 ? 00:00:00 php5-cgi
26540 ? 00:00:21 php5-cgi
26541 ? 00:00:00 php5-cgi

then
server~# kill -9 3909

and that's it,
lighttpd is down.

Does anyone know how to deny this kind of attack?


Replies (4)

RE: Normal user can kill lighttpd process - Added by darix over 16 years ago

1. Don't install phpshell.
2. Run PHP under a different uid with external spawning.

And I highly doubt that any other user can kill lighttpd, just any app that runs under www-data.
And by the way: this is the same for Apache or any other web server.

RE: Normal user can kill lighttpd process - Added by loinor over 16 years ago

darix wrote:

1. Don't install phpshell.
2. Run PHP under a different uid with external spawning.

And I highly doubt that any other user can kill lighttpd, just any app that runs under www-data.
And by the way: this is the same for Apache or any other web server.

Thanks Darix.
You are right that not all users can kill lighttpd.

I didn't install phpshell, but I can't stop users on my server from uploading phpshell and killing the process;
this happened recently.

I don't think Apache has this problem because I've tested it.

Just www-data can kill lighttpd.

I don't know how to stop www-data from killing lighttpd.

RE: Normal user can kill lighttpd process - Added by icy over 16 years ago

If php and lighty run as the same user, php will always be able to kill lighty and vice versa. This is normal (a user can kill his own processes).
Run php as a different user. And yes, this is the same with any other program including apache and there is absolutely nothing wrong with it.
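
The separation darix and icy recommend, as an added example that is not from the thread or the lighttpd project: php5-cgi is started by spawn-fcgi under its own account and lighttpd only connects to the socket, so PHP code no longer shares lighttpd's uid and the kernel refuses its signals. The account name "php-fcgi", the socket path and the config path are assumptions; the check uses `kill -0`, which sends no signal and only asks whether one would be permitted.

```shell
#!/bin/sh
# Run PHP FastCGI under its own uid (external spawning) so that code running
# inside PHP cannot signal the lighttpd process. Names below are assumptions.
set -eu

PHP_USER=php-fcgi                      # dedicated account, e.g. adduser --system --group php-fcgi
WEB_USER=www-data                      # must match server.username in lighttpd.conf
SOCK=/var/run/lighttpd/php-fcgi.sock
CONF=/etc/lighttpd/conf.d/php-fcgi.conf

# Emit the lighttpd fastcgi.server block. There is deliberately no "bin-path":
# with bin-path lighttpd spawns php5-cgi itself and the children inherit its uid.
php_fcgi_conf() {
  sock=$1
  cat <<EOF
server.modules += ( "mod_fastcgi" )
fastcgi.server = ( ".php" => ((
    "socket" => "$sock",
    "check-local" => "disable"
)))
EOF
}

# Start php5-cgi as $PHP_USER on a socket that only $WEB_USER may connect to.
spawn_php() {
  spawn-fcgi -u "$PHP_USER" -g "$PHP_USER" \
             -s "$SOCK" -U "$WEB_USER" -G "$WEB_USER" -M 0660 \
             -P /var/run/lighttpd/php-fcgi.pid -- /usr/bin/php5-cgi
}

# Check: a shell running as $PHP_USER must not be allowed to signal lighttpd.
verify_separation() {
  pid=$(pidof lighttpd) || { echo "lighttpd not running"; return 2; }
  if su -s /bin/sh -c "kill -0 $pid" "$PHP_USER" 2>/dev/null; then
    echo "FAIL: $PHP_USER can still signal lighttpd (pid $pid)"; return 1
  fi
  echo "OK: $PHP_USER cannot signal lighttpd (pid $pid)"
}

# Returns non-zero if a config still lets lighttpd spawn PHP itself (same-uid problem).
config_is_separated() {
  ! grep -q '"bin-path"' "$1"
}

if [ "${1:-}" = "install" ]; then   # side effects only when explicitly requested (run as root)
  php_fcgi_conf "$SOCK" > "$CONF"
  spawn_php
  verify_separation
fi
```

After `./php-fcgi-separation.sh install`, `ps -o user,cmd -C php5-cgi` should list the php5-cgi children under php-fcgi while lighttpd stays under www-data.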

RE: Normal user can kill lighttpd process - Added by loinor over 16 years ago

Thanks very much.
I get it; I'll try to set PHP to run under a different UID.