How to change Apache user and group

Apache is normally configured to only have access to its DocumentRoot directory and not to run any system commands. As such, the Apache process normally runs as an unprivileged user and group with no shell access in most platforms.

This is for security reasons as even an exploit to a poorly written PHP or Perl script will not escalate and cause much harm to the system.

Default user and group for Apache process in different distribution is normally different. Ubuntu for example sets the default user and group to www-data while CentOS uses apache.

If you're running a development environment or specifically require your Apache process to run as a specific user or group, you can definitely do that from your Apache's configuration file by updating the User and Group directive.

Steps to change Apache user and group:

Open Apache's configuration file using your preferred text editor.
```
$ sudo vi /etc/apache2/apache2.conf
Password:
```
Related: Location for Apache User and Group configuration
Find User and Group directives in Apache's configuration file.
Set the value to existing user and group that you want Apache process to run as.
```
User root
Group root
```
The following example is to run it as root and is a big security risk as an exploited script will have full access to the system.
Make sure the configured user and group has the correct permission to the folder.
```
$ sudo chown --recursive username:groupname /home/user/website/
```

Restart Apache service.

$ sudo systemctl restart apache2 # Ubuntu, Debian, openSUSE and SLES
$ sudo systemctl restart httpd # CentOS and Red Hat

Check if the changes was successful.

$ ps aux | grep apache2
root      1188  0.0  0.1 162184  6664 ?        Ss   Mar29   0:02 /usr/sbin/apache2 -k start
root  1197  0.0  0.1 162184  5668 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
root  1198  0.0  0.1 162184  5916 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
root  1200  0.0  0.1 162184  5684 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
root  1201  0.0  0.1 162184  5684 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start
root  1202  0.0  0.1 162184  5684 ?        S    Mar29   0:00 /usr/sbin/apache2 -k start

Guide compatibility:

Operating System
Ubuntu 16.04 LTS (Xenial Xerus)
Ubuntu 16.10 (Yakkety Yak)
Ubuntu 17.04 (Zesty Zapus)
Ubuntu 17.10 (Artful Aardvark)
Ubuntu 18.04 LTS (Bionic Beaver)
Ubuntu 18.10 (Cosmic Cuttlefish)
Ubuntu 19.04 (Disco Dingo)

Author: Mohd Shakir Zakaria
Cloud architect by profession but always consider himself as a developer, entrepreneur and an opensource enthusiast.

Discuss the article:

Comment anonymously. Login not required.