Apache is normally configured to only have access to its DocumentRoot directory and not to run any system commands. As such, the Apache process normally runs as an unprivileged user with no shell access in most platforms.

This is for security reasons as even an exploit to a poorly written PHP or Perl script will not escalate and cause much harm to the system.

If you're running a development environment or specifically require your Apache process to run as a specific user or group, you can definitely do that from your Apache's configuration file.

Steps to change Apache user and group:

  1. Open Apache's configuration file using your preferred text editor. 
    $ sudo vi /etc/apache2/apache2.conf
Password:

    Location for Apache User and Group configuration

  2. Find User and Group directives in Apache's configuration file.
  3. Set the value to existing user and group that you want Apache process to run as.
    User root
Group root

    The following example is to run it as root and is a big security risk as an exploited script will have full access to the system.

  4. Make sure the configured user and group has the correct permission to the folder. 
    $ sudo chown --recursive username:groupname /home/user/website/
  5. Restart Apache service. 
    $ sudo systemctl restart apache2 # Ubuntu, Debian, openSUSE and SLES
$ sudo systemctl restart httpd # CentOS and Red Hat

    How to start, restart and stop Apache service

  6. Check if the changes was successful. 
    $ ps aux | grep apache2
root      1188  0.0  0.1 162184  6664 ?        Ss   Mar29   0:02 /usr/sbin/apache2 -k start
root  1197  0.0  0.1 162184  5668 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
root  1198  0.0  0.1 162184  5916 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
root  1200  0.0  0.1 162184  5684 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
root  1201  0.0  0.1 162184  5684 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
root  1202  0.0  0.1 162184  5684 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start

    Apache binary name for different distribution

Guide compatibility:

Operating System
Ubuntu 16.04 LTS (Xenial Xerus)
Ubuntu 16.10 (Yakkety Yak)
Ubuntu 17.04 (Zesty Zapus)
Ubuntu 17.10 (Artful Aardvark)
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 18.10 (Cosmic Cuttlefish)
Ubuntu 19.04 (Disco Dingo)
Discuss the article:

Comment anonymously. Login not required.

author: shakir
Share!