Apache
is normally configured to only have access to its DocumentRoot
directory and not to run any system commands. As such, the Apache
process normally runs as an unprivileged user and group with no shell access in most platforms.
This is for security reasons as even an exploit to a poorly written PHP
or Perl
script will not escalate and cause much harm to the system.
Default user and group for Apache
process in different distribution is normally different. Ubuntu
for example sets the default user and group to www-data
while CentOS
uses apache
.
If you're running a development environment or specifically require your Apache
process to run as a specific user or group, you can definitely do that from your Apache
's configuration file by updating the User
and Group
directive.
Apache
's configuration file using your preferred text editor. $ sudo vi /etc/apache2/apache2.conf Password:
User
and Group
directives in Apache
's configuration file. Apache
process to run as.User root Group root
The following example is to run it as root
and is a big security risk as an exploited script will have full access to the system.
$ sudo chown --recursive username:groupname /home/user/website/
Apache
service. $ sudo systemctl restart apache2 # Ubuntu, Debian, openSUSE and SLES $ sudo systemctl restart httpd # CentOS and Red Hat
$ ps aux | grep apache2 root 1188 0.0 0.1 162184 6664 ? Ss Mar29 0:02 /usr/sbin/apache2 -k start root 1197 0.0 0.1 162184 5668 ? S Mar29 0:00 /usr/sbin/apache2 -k start root 1198 0.0 0.1 162184 5916 ? S Mar29 0:00 /usr/sbin/apache2 -k start root 1200 0.0 0.1 162184 5684 ? S Mar29 0:00 /usr/sbin/apache2 -k start root 1201 0.0 0.1 162184 5684 ? S Mar29 0:00 /usr/sbin/apache2 -k start root 1202 0.0 0.1 162184 5684 ? S Mar29 0:00 /usr/sbin/apache2 -k start
Guide compatibility:
Operating System |
---|
Ubuntu 16.04 LTS (Xenial Xerus) |
Ubuntu 16.10 (Yakkety Yak) |
Ubuntu 17.04 (Zesty Zapus) |
Ubuntu 17.10 (Artful Aardvark) |
Ubuntu 18.04 LTS (Bionic Beaver) |
Ubuntu 18.10 (Cosmic Cuttlefish) |
Ubuntu 19.04 (Disco Dingo) |
Comment anonymously. Login not required.