Setting the Apache User and Group

Like most servers that start via SysV or local startup scripts, Apache starts running as root. Apache supports two directives that adjust the username and group name under which the server runs after it's started. These directives are User and Group. For instance, you might include the following lines to have Apache run as the user apache in the group called agroup:

User apache Group agroup

Once you've set these options, a check of these features using ps should reveal that most instances of Apache are running as the specified user and group. The first instance, though, will continue to run as root. This instance doesn't directly respond to incoming requests, though.

Another option is to run Apache from a super server, as described in Chapter 22, "Running Servers." You can then specify Apache's user and group using the super server's mechanisms. This approach only works with Apache versions prior to 2.0, and was discouraged even with 1,3.x releases. Apache 2.0 and later must be run directly. If you want to run an earlier version of Apache from a super server, you must set the ServerType inetd directive to tell Apache that it's running from a super server. (The default value is standalone, meaning that the server is run directly.)

0 0

Post a comment