The Apache process is typically run by a system user with minimal access or privilege. The user usually only has access to its DocumentRoot directory and cannot run any system commands. The user is also commonly part of a similarly unprivileged system group.

Apache does not need any other access, so for security reasons it is not configured to have any. This way, even an exploit of a poorly written PHP or Perl script will not escalate and cause much harm to the system.

The default user and group for the Apache process usually differ between distributions. Ubuntu, for example, sets the default user and group to www-data, while on CentOS, it's apache.

You can configure your Apache process to run as any user or group, including root, if you're running a development environment or your application has such requirements. You can do it by updating the User and Group directives in Apache's configuration file.

Steps to change Apache user and group:

  1. Open Apache's configuration file using your preferred text editor.
    $ sudo vi /etc/apache2/apache2.conf
    Password:
  2. Find the User and Group directives in Apache's configuration file.
  3. Set the values to the existing user and group that you want the Apache process to run as.
    User root
    Group root

    The example above runs Apache as root, which is a big security risk, as an exploited script will have full access to the system.

  4. Make sure the configured user and group have the correct permissions on the DocumentRoot folders.
    $ sudo chown --recursive username:groupname /home/user/website/
  5. Restart the Apache service for the changes to take effect.
    $ sudo systemctl restart apache2 # Ubuntu, Debian, openSUSE and SLES
    $ sudo systemctl restart httpd # CentOS and Red Hat
  6. Check whether the changes were successful.
    $ ps aux | grep apache2
    root      1188  0.0  0.1 162184  6664 ?        Ss   Mar29   0:02 /usr/sbin/apache2 -k start
    root  1197  0.0  0.1 162184  5668 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
    root  1198  0.0  0.1 162184  5916 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
    root  1200  0.0  0.1 162184  5684 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
    root  1201  0.0  0.1 162184  5684 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
    root  1202  0.0  0.1 162184  5684 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
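
As an added example (not part of the original article), the shell functions below read the User and Group directives from a configuration file and fail when the configured account is root. They also expand the `User ${APACHE_RUN_USER}` form that Debian and Ubuntu pair with /etc/apache2/envvars; the function names and exit codes are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): report which account Apache
# is configured to run as, and fail when that account is root.

# Print the value of the last uncommented <directive> line in <config-file>.
# Directive names are case-insensitive; commented lines start with '#'.
apache_directive() {
    awk -v want="$1" '
        tolower($1) == tolower(want) && NF >= 2 { val = $2 }
        END { gsub(/"/, "", val); print val }
    ' "$2"
}

# Debian/Ubuntu write "User ${APACHE_RUN_USER}" and define the variable in
# an envvars file; expand that form, pass literal values through unchanged.
resolve_value() {
    case "$1" in
        '${'*'}')
            name=$(printf '%s' "$1" | tr -d '${}')
            sed -n "s/^export $name=//p" "$2" | tail -n 1 ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Exit status: 0 = unprivileged account, 1 = root, 2 = directive missing.
audit_apache_identity() {
    user=$(resolve_value "$(apache_directive User "$1")" "$2")
    group=$(resolve_value "$(apache_directive Group "$1")" "$2")
    if [ -z "$user" ] || [ -z "$group" ]; then
        echo "UNKNOWN: User or Group directive not found in $1"; return 2
    fi
    # "#0" is Apache's numeric-ID syntax; id -u catches other names with UID 0.
    if [ "$user" = root ] || [ "$user" = "#0" ] || [ "$group" = root ] ||
       [ "$group" = "#0" ] || [ "$(id -u "$user" 2>/dev/null)" = 0 ]; then
        echo "FAIL: Apache is configured to run as $user:$group"; return 1
    fi
    echo "OK: Apache is configured to run as $user:$group"
}

# Usage: sh audit.sh /etc/apache2/apache2.conf /etc/apache2/envvars
if [ "$#" -ge 1 ]; then
    audit_apache_identity "$1" "${2:-/dev/null}"
fi
```

On distributions that set the account name directly in the configuration file, the second argument can be omitted.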