Apache is a widely-used web server that operates under specific user and group permissions. These permissions are critical in determining what files and directories Apache can access, helping to secure the system. By default, Apache runs under a non-privileged user and group, commonly named www-data, httpd or apache, depending on your Linux distribution.
There are instances where you may need to change the default user and group settings. This could be necessary when integrating Apache with other software or setting up custom permissions for specific web applications. Adjusting these settings ensures Apache can interact appropriately with the required files while maintaining system security.
To change the user and group settings in Apache, you will need to modify the User and Group directives in its configuration file. It's crucial to ensure the new user and group have the correct permissions to access the required directories. After making these changes, restart the Apache service to apply the new settings.
Steps to change Apache user and group:
- Locate the User and Group directives in the Apache configuration file.
$ sudo grep -Enr "^User |^Group " /etc/{apache2,httpd}/ Password: /etc/apache2/apache2.conf:115:User ${APACHE_RUN_USER} /etc/apache2/apache2.conf:116:Group ${APACHE_RUN_GROUP}
- Open the configuration file using a text editor.
$ sudo vi /etc/apache2/apache2.conf
- Modify the User and Group values to reflect the desired user and group.
User username Group groupname
The following example is to run it as a username called username and groupname as group. It's a security risk as an exploited script will have the user's access to the system.
- Ensure that the new user and group have the correct permissions to access the necessary directories.
$ sudo chown --recursive username:groupname /home/user/website/
- Restart the Apache service to apply the changes.
$ sudo systemctl restart apache2 # Ubuntu, Debian, openSUSE and SLES $ sudo systemctl restart httpd # CentOS and Red Hat
- Verify that Apache is running under the new user and group by checking the running processes.
$ ps aux | grep apache2 root 9720 0.0 0.1 8796 4492 ? Ss 20:52 0:00 /usr/sbin/apache2 -k start username 9721 0.0 0.1 1216456 4884 ? Sl 20:52 0:00 /usr/sbin/apache2 -k start username 9722 0.0 0.1 1216456 5012 ? Sl 20:52 0:00 /usr/sbin/apache2 -k start username 9831 0.0 0.0 6068 1920 pts/0 S+ 20:53 0:00 grep --color=auto apache2
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.
Comment anonymously. Login not required.