I want to secure a file upload directory on my server as described beautifully here, but I have one problem before I can follow these instructions. I don't know what user Apache is running as.
I've found a suggestion that you can look in httpd.conf and there will be a "User" line, but there is no such line in my httpd.conf file, so I guess Apache is running as the default user. I can't find out what that is, though.
So, my question is (are):
- how do I find out what the default user is
- do I need to change the default user
- if the answer is yes and I change the default user by editing httpd.conf, is it likely to screw anything up?
- To find out the user, you can simply use
ps aux | grep apachewhile it is running.
- You don't need to, but if Apache is running as root there are security issues.
- Thirdly, changing the user of Apache will change his rights to access some directories. You need to make sure that /var/www (or wherever you have your websites) is accessible to the new user and group. On the systems I have looked at, apache was always installed using apache:apache (or similar) as user and group, so it should probably already be set like that.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki