Very strange issue with lighttpd / php and shell_exec

I have a simple php script:

<?php echo shell_exec("ls -l /dev/ttyUSB*");

If I call this script via command line with

sudo -u http php /path/to/php-script

everything works as expected. I see all serial USB devices. User http is in group uucp - not astonishing at all. But if I call this script via browser and lighttpd, it does not find any of the serial devices! lighttpd is running as user http and uses FastCGI. PHP is working fine (phpinfo(); shows it is working fine) - but I cannot access serial devices… For testing I have set the permissions of all ttyUSB* to 666, but that does not change anything. With 666 it cannot be a permission problem - correct? But what can cause it that I can access them via CLI but not via lighttpd/FastCGI using the same user?

Did you check if shell_exec is permitted in your php.ini file? I’m not a PHP dev, but my understanding is that this is considered pretty risky and not really to be used (of course it still is though).

The complete bash script which is called does write logs and calls influx commands (it is a home automation script for managing hardware and is only accessible in my intranet). Everything else in the script is computed correctly - only access of serial devices fails.

I provide more information… This is the PHP script to test:

<?php

echo "/:";
$test = shell_exec("ls -l / 2>&1");
echo $test;

echo "/dev:";
$test = shell_exec("ls -l /dev/ 2>&1");
echo $test;

echo "stty:";
$test = shell_exec("/usr/bin/stty -F /dev/ttyUSB1 2>&1");
echo $test;

echo "whoami:";
$test = shell_exec("whoami");
echo $test;

This is the output if I run the script via console:

sudo -u http php-cgi -f /srv/http/manageevu/test.php
/:insgesamt 1048652
lrwxrwxrwx   1 root root          7  8. Mai 01:39 bin -> usr/bin
drwxr-xr-x   3 root root       4096  1. Jan 1970  boot
-rwxr--r--   1 root root        365 13. Mär 2023  chrintonewsystem
drwxr-xr-x  18 root root       4280  6. Okt 08:45 dev
drwxr-xr-x 108 root root      12288  6. Okt 08:44 etc
drwxr-xr-x  19 root root       4096  6. Okt 21:04 hdd-backup-raspi
drwxrwxrwx  11 root root       4096 25. Feb 2025  hdd-worker
drwxr-xr-x  13 root root       4096  2. Jan 2025  home
lrwxrwxrwx   1 root root          7  8. Mai 01:39 lib -> usr/lib
drwx------   2 root root      16384 13. Mär 2023  lost+found
drwxr-xr-x   2 root root       4096  1. Jun 2021  mnt
drwxr-xr-x   5 root root       4096 22. Feb 2025  opt
dr-xr-xr-x 396 root root          0  1. Jan 1970  proc
drwxr-x---  16 root root       4096  7. Okt 10:42 root
drwxr-xr-x  36 root root       1120  6. Okt 08:43 run
lrwxrwxrwx   1 root root          7  8. Mai 01:39 sbin -> usr/bin
drwxr-xr-x   4 root root       4096  1. Jul 2021  srv
-rw-------   1 root root 1073741824 13. Mär 2023  swapfile
dr-xr-xr-x  12 root root          0  7. Okt 11:02 sys
drwxrwxrwt  13 root root        280  7. Okt 11:10 tmp
drwxr-xr-x   8 root root       4096  3. Okt 08:37 usr
drwxr-xr-x  14 root root       4096  6. Okt 06:24 var
/dev:insgesamt 0
crw-r--r-- 1 root root    10, 235  6. Okt 08:43 autofs
drwxr-xr-x 2 root root        660  6. Okt 08:43 block
drwxr-xr-x 2 root root         60  6. Okt 08:42 bsg
crw-rw---- 1 root disk    10, 234  6. Okt 08:43 btrfs-control
drwxr-xr-x 3 root root         60  1. Jan 1970  bus
crw-rw---- 1 root video  240,   0  6. Okt 08:43 cec0
crw-rw---- 1 root video  240,   1  6. Okt 08:43 cec1
drwxr-xr-x 2 root root       3580  6. Okt 08:45 char
crw------- 1 root root     5,   1  6. Okt 08:43 console
crw------- 1 root root    10, 123  6. Okt 08:43 cpu_dma_latency
crw------- 1 root root    10, 203  6. Okt 08:42 cuse
drwxr-xr-x 8 root root        160  1. Jan 1970  disk
drwxr-xr-x 2 root root         80  1. Jan 1970  dma_heap
drwxr-xr-x 3 root root        120  6. Okt 08:42 dri
crw------- 1 root root   239,   0  6. Okt 08:43 eq3loop
crw-rw---- 1 root video   29,   0  6. Okt 08:43 fb0
lrwxrwxrwx 1 root root         13  1. Jan 1970  fd -> /proc/self/fd
crw-rw-rw- 1 root root     1,   7  6. Okt 08:43 full
crw-rw-rw- 1 root root    10, 229  6. Okt 08:43 fuse
crw------- 1 root root   254,   0  6. Okt 08:43 gpiochip0
crw------- 1 root root   254,   1  6. Okt 08:43 gpiochip1
crw------- 1 root root   254,   2  6. Okt 08:43 gpiochip2
crw-rw-rw- 1 root root   254,   3  6. Okt 08:43 gpiochip3
crw-rw-rw- 1 root root   254,   4  6. Okt 08:43 gpiochip4
crw------- 1 root root   236,   0  6. Okt 08:43 gpiomem
lrwxrwxrwx 1 root root          7  6. Okt 08:42 gps1 -> ttyUSB1
crw------- 1 root root    10, 183  6. Okt 08:43 hwrng
drwxr-xr-x 3 root root        160  6. Okt 08:42 input
crw-r--r-- 1 root root     1,  11  6. Okt 08:43 kmsg
crw-rw-rw- 1 root kvm     10, 232  6. Okt 08:43 kvm
lrwxrwxrwx 1 root root         28  6. Okt 08:42 log -> /run/systemd/journal/dev-log
brw-rw---- 1 root disk     7,   0  6. Okt 08:43 loop0
brw-rw---- 1 root disk     7,   1  6. Okt 08:43 loop1
brw-rw---- 1 root disk     7,   2  6. Okt 08:43 loop2
brw-rw---- 1 root disk     7,   3  6. Okt 08:43 loop3
brw-rw---- 1 root disk     7,   4  6. Okt 08:43 loop4
brw-rw---- 1 root disk     7,   5  6. Okt 08:43 loop5
brw-rw---- 1 root disk     7,   6  6. Okt 08:43 loop6
brw-rw---- 1 root disk     7,   7  6. Okt 08:43 loop7
crw-rw---- 1 root disk    10, 237  6. Okt 08:43 loop-control
drwxr-xr-x 2 root root         60  6. Okt 08:42 mapper
crw-rw---- 1 root video  235,   0  6. Okt 08:43 media0
crw-rw---- 1 root video  235,   1  6. Okt 08:43 media1
crw-rw---- 1 root video  235,   2  6. Okt 08:43 media2
crw-rw---- 1 root video  235,   3  6. Okt 08:43 media3
crw-r----- 1 root kmem     1,   1  6. Okt 08:43 mem
brw-rw---- 1 root disk   179,   0  6. Okt 08:43 mmcblk0
brw-rw---- 1 root disk   179,   1  6. Okt 08:43 mmcblk0p1
brw-rw---- 1 root disk   179,   2  6. Okt 08:43 mmcblk0p2
crw------- 1 root root   239,   2  6. Okt 08:45 mmd_bidcos
crw------- 1 root root   239,   1  6. Okt 08:45 mmd_hmip
drwxrwxrwt 2 root root         40  1. Jan 1970  mqueue
drwxr-xr-x 2 root root         60  6. Okt 08:42 net
crw-rw-rw- 1 root root     1,   3  6. Okt 08:43 null
crw-r----- 1 root kmem     1,   4  6. Okt 08:43 port
crw------- 1 root root   108,   0  6. Okt 08:42 ppp
crw-rw-rw- 1 root tty      5,   2  7. Okt 11:10 ptmx
drwxr-xr-x 2 root root          0  6. Okt 08:42 pts
brw-rw---- 1 root disk     1,   0  6. Okt 08:43 ram0
brw-rw---- 1 root disk     1,   1  6. Okt 08:43 ram1
brw-rw---- 1 root disk     1,  10  6. Okt 08:43 ram10
brw-rw---- 1 root disk     1,  11  6. Okt 08:43 ram11
brw-rw---- 1 root disk     1,  12  6. Okt 08:43 ram12
brw-rw---- 1 root disk     1,  13  6. Okt 08:43 ram13
brw-rw---- 1 root disk     1,  14  6. Okt 08:43 ram14
brw-rw---- 1 root disk     1,  15  6. Okt 08:43 ram15
brw-rw---- 1 root disk     1,   2  6. Okt 08:43 ram2
brw-rw---- 1 root disk     1,   3  6. Okt 08:43 ram3
brw-rw---- 1 root disk     1,   4  6. Okt 08:43 ram4
brw-rw---- 1 root disk     1,   5  6. Okt 08:43 ram5
brw-rw---- 1 root disk     1,   6  6. Okt 08:43 ram6
brw-rw---- 1 root disk     1,   7  6. Okt 08:43 ram7
brw-rw---- 1 root disk     1,   8  6. Okt 08:43 ram8
brw-rw---- 1 root disk     1,   9  6. Okt 08:43 ram9
crw-rw-rw- 1 root root     1,   8  6. Okt 08:43 random
crw------- 1 root root   238,   0  6. Okt 08:43 raw-uart
crw-rw-r-- 1 root rfkill  10, 242  6. Okt 08:43 rfkill
brw-rw---- 1 root disk     8,   0  6. Okt 08:43 sda
brw-rw---- 1 root disk     8,   1  6. Okt 08:43 sda1
brw-rw---- 1 root disk     8,   2  6. Okt 08:43 sda2
brw-rw---- 1 root disk     8,   4  6. Okt 08:43 sda4
drwxr-xr-x 4 root root         80  6. Okt 08:42 serial
drwxrwxrwt 2 root root        360  6. Okt 08:43 shm
drwxr-xr-x 3 root root        180  6. Okt 08:42 snd
lrwxrwxrwx 1 root root         15  1. Jan 1970  stderr -> /proc/self/fd/2
lrwxrwxrwx 1 root root         15  1. Jan 1970  stdin -> /proc/self/fd/0
lrwxrwxrwx 1 root root         15  1. Jan 1970  stdout -> /proc/self/fd/1
crw-rw-rw- 1 root tty      5,   0  7. Okt 11:05 tty
crw--w---- 1 root tty      4,   0  6. Okt 08:43 tty0
crw--w---- 1 root tty      4,   1  6. Okt 08:43 tty1
crw--w---- 1 root tty      4,  10  6. Okt 08:43 tty10
crw--w---- 1 root tty      4,  11  6. Okt 08:43 tty11
crw--w---- 1 root tty      4,  12  6. Okt 08:43 tty12
crw--w---- 1 root tty      4,  13  6. Okt 08:43 tty13
crw--w---- 1 root tty      4,  14  6. Okt 08:43 tty14
crw--w---- 1 root tty      4,  15  6. Okt 08:43 tty15
crw--w---- 1 root tty      4,  16  6. Okt 08:43 tty16
crw--w---- 1 root tty      4,  17  6. Okt 08:43 tty17
crw--w---- 1 root tty      4,  18  6. Okt 08:43 tty18
crw--w---- 1 root tty      4,  19  6. Okt 08:43 tty19
crw--w---- 1 root tty      4,   2  6. Okt 08:43 tty2
crw--w---- 1 root tty      4,  20  6. Okt 08:43 tty20
crw--w---- 1 root tty      4,  21  6. Okt 08:43 tty21
crw--w---- 1 root tty      4,  22  6. Okt 08:43 tty22
crw--w---- 1 root tty      4,  23  6. Okt 08:43 tty23
crw--w---- 1 root tty      4,  24  6. Okt 08:43 tty24
crw--w---- 1 root tty      4,  25  6. Okt 08:43 tty25
crw--w---- 1 root tty      4,  26  6. Okt 08:43 tty26
crw--w---- 1 root tty      4,  27  6. Okt 08:43 tty27
crw--w---- 1 root tty      4,  28  6. Okt 08:43 tty28
crw--w---- 1 root tty      4,  29  6. Okt 08:43 tty29
crw--w---- 1 root tty      4,   3  6. Okt 08:43 tty3
crw--w---- 1 root tty      4,  30  6. Okt 08:43 tty30
crw--w---- 1 root tty      4,  31  6. Okt 08:43 tty31
crw--w---- 1 root tty      4,  32  6. Okt 08:43 tty32
crw--w---- 1 root tty      4,  33  6. Okt 08:43 tty33
crw--w---- 1 root tty      4,  34  6. Okt 08:43 tty34
crw--w---- 1 root tty      4,  35  6. Okt 08:43 tty35
crw--w---- 1 root tty      4,  36  6. Okt 08:43 tty36
crw--w---- 1 root tty      4,  37  6. Okt 08:43 tty37
crw--w---- 1 root tty      4,  38  6. Okt 08:43 tty38
crw--w---- 1 root tty      4,  39  6. Okt 08:43 tty39
crw--w---- 1 root tty      4,   4  6. Okt 08:43 tty4
crw--w---- 1 root tty      4,  40  6. Okt 08:43 tty40
crw--w---- 1 root tty      4,  41  6. Okt 08:43 tty41
crw--w---- 1 root tty      4,  42  6. Okt 08:43 tty42
crw--w---- 1 root tty      4,  43  6. Okt 08:43 tty43
crw--w---- 1 root tty      4,  44  6. Okt 08:43 tty44
crw--w---- 1 root tty      4,  45  6. Okt 08:43 tty45
crw--w---- 1 root tty      4,  46  6. Okt 08:43 tty46
crw--w---- 1 root tty      4,  47  6. Okt 08:43 tty47
crw--w---- 1 root tty      4,  48  6. Okt 08:43 tty48
crw--w---- 1 root tty      4,  49  6. Okt 08:43 tty49
crw--w---- 1 root tty      4,   5  6. Okt 08:43 tty5
crw--w---- 1 root tty      4,  50  6. Okt 08:43 tty50
crw--w---- 1 root tty      4,  51  6. Okt 08:43 tty51
crw--w---- 1 root tty      4,  52  6. Okt 08:43 tty52
crw--w---- 1 root tty      4,  53  6. Okt 08:43 tty53
crw--w---- 1 root tty      4,  54  6. Okt 08:43 tty54
crw--w---- 1 root tty      4,  55  6. Okt 08:43 tty55
crw--w---- 1 root tty      4,  56  6. Okt 08:43 tty56
crw--w---- 1 root tty      4,  57  6. Okt 08:43 tty57
crw--w---- 1 root tty      4,  58  6. Okt 08:43 tty58
crw--w---- 1 root tty      4,  59  6. Okt 08:43 tty59
crw--w---- 1 root tty      4,   6  6. Okt 08:43 tty6
crw--w---- 1 root tty      4,  60  6. Okt 08:43 tty60
crw--w---- 1 root tty      4,  61  6. Okt 08:43 tty61
crw--w---- 1 root tty      4,  62  6. Okt 08:43 tty62
crw--w---- 1 root tty      4,  63  6. Okt 08:43 tty63
crw--w---- 1 root tty      4,   7  7. Okt 11:10 tty7
crw--w---- 1 root tty      4,   8  6. Okt 08:43 tty8
crw--w---- 1 root tty      4,   9  6. Okt 08:43 tty9
crw------- 1 root root     5,   3  6. Okt 08:43 ttyprintk
crw-rw---- 1 root uucp   188,   0  7. Okt 11:10 ttyUSB0
crw-rw-rw- 1 root uucp   188,   1  7. Okt 11:10 ttyUSB1
lrwxrwxrwx 1 root root          7  6. Okt 08:42 ttyUSB10 -> ttyUSB0
lrwxrwxrwx 1 root root          7  6. Okt 08:42 ttyUSB11 -> ttyUSB2
crw-rw---- 1 root uucp   188,   2  7. Okt 11:10 ttyUSB2
crw-rw---- 1 root kvm     10, 125  6. Okt 08:43 udmabuf
crw------- 1 root root    10, 239  6. Okt 08:42 uhid
crw------- 1 root root    10, 223  6. Okt 08:42 uinput
crw-rw-rw- 1 root root     1,   9  6. Okt 08:43 urandom
drwxr-xr-x 3 root root         60  6. Okt 08:42 v4l
crw------- 1 root root    10, 124  6. Okt 08:43 vchiq
crw-rw---- 1 root video   10, 126  6. Okt 08:43 vcio
crw------- 1 root root   246,   0  6. Okt 08:43 vc-mem
crw-rw---- 1 root tty      7,   0  6. Okt 08:43 vcs
crw-rw---- 1 root tty      7,   1  6. Okt 08:43 vcs1
crw-rw---- 1 root tty      7,   2  6. Okt 08:43 vcs2
crw-rw---- 1 root tty      7,   3  6. Okt 08:43 vcs3
crw-rw---- 1 root tty      7,   4  6. Okt 08:43 vcs4
crw-rw---- 1 root tty      7,   5  6. Okt 08:43 vcs5
crw-rw---- 1 root tty      7,   6  6. Okt 08:43 vcs6
crw-rw---- 1 root tty      7,   7  6. Okt 08:43 vcs7
crw-rw---- 1 root tty      7, 128  6. Okt 08:43 vcsa
crw-rw---- 1 root tty      7, 129  6. Okt 08:43 vcsa1
crw-rw---- 1 root tty      7, 130  6. Okt 08:43 vcsa2
crw-rw---- 1 root tty      7, 131  6. Okt 08:43 vcsa3
crw-rw---- 1 root tty      7, 132  6. Okt 08:43 vcsa4
crw-rw---- 1 root tty      7, 133  6. Okt 08:43 vcsa5
crw-rw---- 1 root tty      7, 134  6. Okt 08:43 vcsa6
crw-rw---- 1 root tty      7, 135  6. Okt 08:43 vcsa7
crw-rw-rw- 1 root root    10, 122  6. Okt 08:43 vcsm-cma
crw-rw---- 1 root tty      7,  64  6. Okt 08:43 vcsu
crw-rw---- 1 root tty      7,  65  6. Okt 08:43 vcsu1
crw-rw---- 1 root tty      7,  66  6. Okt 08:43 vcsu2
crw-rw---- 1 root tty      7,  67  6. Okt 08:43 vcsu3
crw-rw---- 1 root tty      7,  68  6. Okt 08:43 vcsu4
crw-rw---- 1 root tty      7,  69  6. Okt 08:43 vcsu5
crw-rw---- 1 root tty      7,  70  6. Okt 08:43 vcsu6
crw-rw---- 1 root tty      7,  71  6. Okt 08:43 vcsu7
crw------- 1 root root    10, 127  6. Okt 08:43 vga_arbiter
crw------- 1 root root    10, 137  6. Okt 08:42 vhci
crw-rw-rw- 1 root kvm     10, 238  6. Okt 08:42 vhost-net
crw-rw-rw- 1 root kvm     10, 241  6. Okt 08:42 vhost-vsock
crw-rw---- 1 root video   81,   8  6. Okt 08:43 video10
crw-rw---- 1 root video   81,   9  6. Okt 08:43 video11
crw-rw---- 1 root video   81,  10  6. Okt 08:43 video12
crw-rw---- 1 root video   81,   0  6. Okt 08:43 video13
crw-rw---- 1 root video   81,   1  6. Okt 08:43 video14
crw-rw---- 1 root video   81,   2  6. Okt 08:43 video15
crw-rw---- 1 root video   81,   3  6. Okt 08:43 video16
crw-rw---- 1 root video   81,  11  6. Okt 08:43 video18
crw-rw---- 1 root video   81,  13  6. Okt 08:43 video19
crw-rw---- 1 root video   81,   4  6. Okt 08:43 video20
crw-rw---- 1 root video   81,   5  6. Okt 08:43 video21
crw-rw---- 1 root video   81,   6  6. Okt 08:43 video22
crw-rw---- 1 root video   81,   7  6. Okt 08:43 video23
crw-rw---- 1 root video   81,  12  6. Okt 08:43 video31
crw------- 1 root root    10, 130  6. Okt 08:43 watchdog
crw------- 1 root root   248,   0  6. Okt 08:43 watchdog0
crw-rw-rw- 1 root root     1,   5  6. Okt 08:43 zero
stty:speed 115200 baud; line = 0;
min = 0; time = 0;
-brkint -icrnl -imaxbel
-opost -onlcr
-isig -icanon -iexten -echo -echoe -echok -echoctl -echoke
whoami:http

And this is the output in the web browser when I call the PHP script served by lighttpd:

/:insgesamt 1048652
lrwxrwxrwx   1 root root          7  8. Mai 01:39 bin -> usr/bin
drwxr-xr-x   3 root root       4096  1. Jan 1970  boot
-rwxr--r--   1 root root        365 13. Mär 2023  chrintonewsystem
drwxr-xr-x   7 root root        380  7. Okt 10:11 dev
drwxr-xr-x 108 root root      12288  6. Okt 08:44 etc
drwxr-xr-x  19 root root       4096  6. Okt 21:04 hdd-backup-raspi
drwxrwxrwx  11 root root       4096 25. Feb 2025  hdd-worker
drwxr-xr-x  13 root root       4096  2. Jan 2025  home
lrwxrwxrwx   1 root root          7  8. Mai 01:39 lib -> usr/lib
drwx------   2 root root      16384 13. Mär 2023  lost+found
drwxr-xr-x   2 root root       4096  1. Jun 2021  mnt
drwxr-xr-x   5 root root       4096 22. Feb 2025  opt
dr-xr-xr-x 390 root root          0  7. Okt 10:11 proc
drwxr-x---  16 root root       4096  7. Okt 10:42 root
drwxr-xr-x  36 root root       1120  6. Okt 08:43 run
lrwxrwxrwx   1 root root          7  8. Mai 01:39 sbin -> usr/bin
drwxr-xr-x   4 root root       4096  1. Jul 2021  srv
-rw-------   1 root root 1073741824 13. Mär 2023  swapfile
dr-xr-xr-x  12 root root          0  7. Okt 11:02 sys
drwxrwxrwt   2 root root        120  7. Okt 10:11 tmp
drwxr-xr-x   8 root root       4096  3. Okt 08:37 usr
drwxr-xr-x  14 root root       4096  6. Okt 06:24 var
/dev:insgesamt 0
drwxr-xr-x 2 root root  180  7. Okt 10:11 char
lrwxrwxrwx 1 root root   13  7. Okt 10:11 fd -> /proc/self/fd
crw-rw-rw- 1 root root 1, 7  7. Okt 10:11 full
drwxr-xr-x 2 root root   40  7. Okt 10:11 hugepages
lrwxrwxrwx 1 root root   28  7. Okt 10:11 log -> /run/systemd/journal/dev-log
drwxrwxrwt 2 root root   40  1. Jan 1970  mqueue
crw-rw-rw- 1 root root 1, 3  7. Okt 10:11 null
crw-rw-rw- 1 root root 5, 2  7. Okt 10:11 ptmx
drwxr-xr-x 2 root root    0  6. Okt 08:42 pts
crw-rw-rw- 1 root root 1, 8  7. Okt 10:11 random
drwxrwxrwt 2 root root  360  6. Okt 08:43 shm
lrwxrwxrwx 1 root root   15  7. Okt 10:11 stderr -> /proc/self/fd/2
lrwxrwxrwx 1 root root   15  7. Okt 10:11 stdin -> /proc/self/fd/0
lrwxrwxrwx 1 root root   15  7. Okt 10:11 stdout -> /proc/self/fd/1
crw-rw-rw- 1 root root 5, 0  7. Okt 10:11 tty
crw-rw-rw- 1 root root 1, 9  7. Okt 10:11 urandom
crw-rw-rw- 1 root root 1, 5  7. Okt 10:11 zero
stty:stty: /dev/ttyUSB1: Datei oder Verzeichnis nicht gefunden
whoami:http

In both cases user http calls the PHP script and in both cases the same php.ini is used. shell_exec is executed, but access to the /dev devices is different. On the command line the script executes correctly; if I call it via a browser, served by lighttpd, it cannot access the serial USB devices and so the home automation cannot be accessed.

Not an explanation, but a hint: the problem may be a bug in lighttpd. I have now installed lighttpd2 and configured PHP (completely different from lighttpd) - and everything is working now as expected…

Oh neat. Sorry to have provided a red herring!

Not a problem. This issue seems to have been unknown to the world before (nothing to be found on the web). I will file a bug report with lighttpd upstream. Thank you for your idea - its intention was “help” and it was logical 😀

@df8oe Please consider asking a question in the lighttpd forums instead of filing a poorly written bug report.

Has anyone suggested you read the release notes of software such as lighttpd before assuming something is a bug to you?

lighttpd 1.4.79 was released over 6 months ago. The current stable release of lighttpd is lighttpd 1.4.82.

Check the BEHAVIOR CHANGES section.

The “issue” here smells to me like lighttpd security defaults working EXACTLY as intended.

See the systemd lighttpd.service restriction PrivateDevices=yes
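
A check that tells this case apart from a permissions problem, as an added example that is not part of the thread: it reads /proc/self/mountinfo to see whether the process has the host's devtmpfs at /dev or a private tmpfs like the one in the lighttpd-served listing above. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample mountinfo lines are constructed.

# dev_fstype [MOUNTINFO|-]: print the filesystem type mounted at /dev.
# Line layout per proc(5):
#   id parent maj:min root mountpoint opts [optional...] - fstype source superopts
dev_fstype() {
    awk '
        $5 == "/dev" {
            # Optional fields end at a lone "-"; the fstype follows it.
            # A later /dev line overmounts an earlier one, so the last match wins.
            for (i = 7; i <= NF; i++)
                if ($i == "-") { fstype = $(i + 1); break }
        }
        END { print (fstype == "" ? "none" : fstype) }
    ' "${1:-/proc/self/mountinfo}"
}

# dev_view [MOUNTINFO|-]: host (devtmpfs) or private (tmpfs, which is what
# systemd mounts at /dev for a unit with PrivateDevices=yes).
dev_view() {
    case "$(dev_fstype "${1:-}")" in
        devtmpfs) echo host ;;
        tmpfs)    echo private ;;
        *)        echo unknown ;;
    esac
}

# why_missing NODE [MOUNTINFO|-]: say why a device node cannot be opened by path.
why_missing() {
    if [ -e "$1" ]; then echo visible; return; fi
    case "$(dev_view "${2:-}")" in
        private) echo hidden-by-private-dev ;;  # chmod on the host node cannot help
        *)       echo absent ;;                 # look at udev or cabling instead
    esac
}

# Constructed samples: a host namespace and a PrivateDevices=yes namespace.
sample_host() {
    echo '22 28 0:5 / /dev rw,nosuid,relatime shared:2 - devtmpfs dev rw,mode=755'
    echo '23 22 0:21 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw'
}
sample_private() {
    echo '310 300 0:48 / /dev rw,nosuid,noexec - tmpfs tmpfs rw,mode=755'
    echo '311 310 0:20 / /dev/pts rw,nosuid,noexec - devpts devpts rw'
}

# Stand-alone run: report on the current process (call it from shell_exec to test PHP).
if [ -r /proc/self/mountinfo ]; then
    echo "/dev view: $(dev_view), /dev/ttyUSB1: $(why_missing /dev/ttyUSB1)"
fi
```

A `private` result also appears inside containers, where /dev is likewise a tmpfs. For a service that really needs one serial port, a systemd drop-in with `PrivateDevices=no`, `DevicePolicy=closed` and `DeviceAllow=/dev/ttyUSB1 rw` exposes that node alone rather than every device on the host.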