Lighttpd

This does not belong in the "Development" forum. Moved to "Support".

You probably haven't properly restarted lighttpd, as server.username and server.groupname are how to tell lighttpd to use a different user and group, if lighttpd is started as root. Another possibility is that you're not using the lighttpd.conf you think that you are using.

Please check following lighttpd.conf file that I am using:-

server.modules = (
        "mod_alias",
        "mod_access",
        "mod_fastcgi",
        "mod_setenv")
server.document-root = "/var/www" 
    server.event-handler = "poll" 
    mimetype.assign = (
    ".css"          =>      "text/css",
    ".wav"          =>      "audio/x-wav",
    ".gif"          =>      "image/gif",
    ".jpg"          =>      "image/jpeg",
    ".jpeg"         =>      "image/jpeg",
    ".png"          =>      "image/png",
    ".html"         =>      "text/html",
    ".htm"          =>      "text/html",
    ".js"           =>      "text/javascript",
    ".conf"         =>      "text/plain",
    ".text"         =>      "text/plain",
    ".txt"          =>      "text/plain",
    ".dtd"          =>      "text/xml",
    ".xml"          =>      "text/xml",
    ".tar"          =>      "application/x-tar",
    ".zip"          =>      "application/zip")
    index-file.names = ( "index.html", "index.htm" )
    alias.url += ( "" => server.document-root )

server.upload-dirs = ( "/run" )
server.stream-request-body = 2
server.username = "abc" 
server.groupname = "abc" 
server.bind = "0.0.0.0" 
server.port = 80
$SERVER["socket"] == "[::]:80" { }

I changed .conf file as above and performed following steps:-
Step 1:- Kill current lighttpd process

xxx.xxx.xxx.xxx # ps -aux | grep light
root      1033  0.0  2.1   7248  2484 ?        S    10:50   0:00 lighttpd -f /run/lighttpd.conf
root      1261  0.0  0.9   2588  1088 pts/0    S+   11:03   0:00 grep light
xxx.xxx.xxx.xxx # kill -9 1033

Step 2 :- Start the lighttpd using lighttpd.conf

xxx.xxx.xxx.xxx # lighttpd -f /run/lighttpd.conf

Step 3:- Check user of started lighttpd

xxx.xxx.xxx.xxx # ps -aux | grep light
root      1273  0.0  0.8   5556  1024 ?        S    11:04   0:00 lighttpd -f /run/lighttpd.conf
root      1275  0.0  0.9   2588  1088 pts/0    S+   11:04   0:00 grep light
xxx.xxx.xxx.xxx #

In step 3, lighttpd is started successfully and it is expected to run as 'abc' user but it is still running on 'root'.

Are the above configurations correct?

Thanks

As I said before, the directives are correct. You (and your system) must be doing something else.

server.username = "abc" 
server.groupname = "abc" 

Is your system restarting lighttpd via init scripts? systemctl stop lighttpd or /etc/init.d/lighttpd stop

After killing lighttpd processes, manually run lighttpd in the foreground using -D

lighttpd -D -f /run/lighttpd.conf

No, i am not using any init scripts to restart lighttpd. To restart, killing lighttpd process manually and starting lighttpd again.

Output of lighttpd -D command:-

xxx.xxx.xxx.xxx # ps -aux | grep light
root      1366  0.1  1.6   5556  1932 pts/0    S+   06:01   0:00 lighttpd -D -f /run/lighttpd.conf
root      1387  0.0  0.9   2588  1084 pts/1    S+   06:01   0:00 grep light

What error does lighttpd show when the user in server.username directive is not permitted?

What permissions are required for user 'abc' when used with server.username & server.groupname directives?

In above lighttpd.conf file, fast_cgi process is also spawned. Will that affect the execution of above directives?

Thanks.

You clearly have not described your environment well.

Are you sure about the contents of /run/lighttpd.conf? Perhaps you're not generating what you think you're generating into /run/lighttpd.conf.

The simplest lighttpd config to demonstrate that this functionality works is three lines:

server.document-root = "/var/www" 
server.username = "abc" 
server.groupname = "abc" 

That's it. That's the whole lighttpd config, in its entirety. If that config doesn't work for you with lighttpd -D -f /path/to/test.conf then use strace -o /dev/shm/lighttpd-strace.log -s 2048 -- lighttpd -D -f /path/to/test.conf and attach the log.