# Security

## Notes

Buthd should not have filesystem permission. It just translates HTTP/9P. Gets everything it needs from the 9P file servers.

Concentrate TLS in relayd(8). Backend servers should not have to manage certificates, or even have access to them. They should not even have filesystem permission if possible. Buthd and httpd serve plain HTTP over Unix domain sockets or a secure VPN, e.g. Tailscale.

Run all processes in chroot. This should be handled by the rc.d init script, not by the program, to avoid having to start as root before dropping privileges. Just start as unprivileged user in chroot to begin with.

[[auth#Implementation notes]]