I think this will have to do for the moment. Otherwise, if it's OK with you to help me if I get stuck, I can make a post.
What do you mean by this? That by using the firmware Apache I will expose my NAS? Or that no matter what I choose to use I will expose my NAS to brute-force attacks?
When you use the firmware Apache, you'll expose the login of your NAS. (The box actually has only 1 web interface, so by requesting yourdomain.com instead of yourdomain.com/myweb, you'll get the login prompt.)
Using lighttpd instead is safer. At least it doesn't expose your admin web interface. Furthermore, you have the possibility to configure it to your needs. (I host a few private websites on my 220, and in the log files I see lots of script attacks. But those scripts all request by IP, and not by domain. So I configured lighttpd to give a 404 for all requests by IP.)
On another matter, how do I configure it to only have one user that has the same access rights as root?
In ffp you mean? You can create a user with root rights:
adduser -u 0 -g 0 username
But you can't remove all other users. Some services (like ssh and mysql and maybe also lighttpd) create their own user, to be able to drop root rights as soon as they are running. You can see the list:
Why should you want that?
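Added example, not part of the original posts: a small log audit for the lighttpd rule described above (404 for every request made by IP). It assumes the access log uses the layout client, Host header, user, [time], "request", status, bytes; the sample lines, addresses and paths are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed access log layout: client, Host header, user, [time], "request", status, bytes
LINE_RE = re.compile(r'^(\S+) (\S+) \S+ \[[^\]]*\] "([^"]*)" (\d{3}) ')

def host_is_ip(host):
    """True when the Host value is an IPv4/IPv6 literal, with or without a port."""
    if host.startswith("["):              # [v6] or [v6]:port
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:            # v4:port or name:port
        host = host.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(lines):
    """Count by-IP vs by-name requests; return by-IP requests that did not get a 404."""
    counts, leaks = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        client, host, request, status = m.groups()
        if host_is_ip(host):
            counts["by_ip"] += 1
            if status != "404":
                leaks.append((client, host, request, status))
        else:
            counts["by_name"] += 1
    return counts, leaks

# Constructed sample lines (documentation address ranges, made-up paths)
SAMPLE = [
    '198.51.100.7 203.0.113.10 - [10/Oct/2010:13:55:36 +0200] "GET /phpmyadmin/ HTTP/1.1" 404 345 "-" "-"',
    '198.51.100.9 203.0.113.10:80 - [10/Oct/2010:13:56:01 +0200] "GET /admin.php HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.44 yourdomain.com - [10/Oct/2010:14:02:11 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "-"',
    '198.51.100.7 [2001:db8::1] - [10/Oct/2010:14:03:00 +0200] "GET / HTTP/1.1" 404 345 "-" "-"',
]

if __name__ == "__main__":
    counts, leaks = audit(SAMPLE)
    print(dict(counts))
    for leak in leaks:
        print("by-IP request not answered with 404:", leak)
```

Any entry in the second return value is a by-IP request that was actually served, which means the 404 rule is missing or does not match that Host form.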