Apache process is typically run by a system user with minimal access or privilege. The user usually only has access to its DocumentRoot directory and cannot run any system commands. The user is also commonly part of a similarly unprivileged system group.
Apache is not required and thus not configured to have any other access for security reasons, as even an exploit to a poorly written PHP or Perl script will not escalate and cause much harm to the system.
Default user and group for Apache process usually are not the same in a different distribution. Ubuntu, for example, sets the default user and group to www-data, while on CentOS, it's apache.
You can configure your Apache process to run as any user or group, including root, if you're running a development environment or your application has such requirements. You can do it by updating the User and Group directives in Apache's configuration file.
$ sudo vi /etc/apache2/apache2.conf Password:
User root Group root
The following example is to run it as root and is a big security risk as an exploited script will have full access to the system.
$ sudo chown --recursive username:groupname /home/user/website/
$ sudo systemctl restart apache2 #Ubuntu, Debian, openSUSE and SLES $ sudo systemctl restart httpd # CentOS and Red Hat
Related: How to manage Apache service
$ ps aux | grep apache2 root 1188 0.0 0.1 162184 6664 ? Ss Mar29 0:02 /usr/sbin/apache2 -k start root 1197 0.0 0.1 162184 5668 ? S Mar29 0:00 /usr/sbin/apache2 -k start root 1198 0.0 0.1 162184 5916 ? S Mar29 0:00 /usr/sbin/apache2 -k start root 1200 0.0 0.1 162184 5684 ? S Mar29 0:00 /usr/sbin/apache2 -k start root 1201 0.0 0.1 162184 5684 ? S Mar29 0:00 /usr/sbin/apache2 -k start root 1202 0.0 0.1 162184 5684 ? S Mar29 0:00 /usr/sbin/apache2 -k start
Comment anonymously. Login not required.