tags:

views:

532

answers:

3
+2  Q: 

Finding out what user Apache is running as?

I want to secure a file upload directory on my server as described beautifully here, but I have one problem before I can follow these instructions. I don't know what user Apache is running as.

I've found a suggestion that you can look in httpd.conf and there will be a "User" line, but there is no such line in my httpd.conf file, so I guess Apache is running as the default user. I can't find out what that is, though.

So, my question is (are):

  • how do I find out what the default user is
  • do I need to change the default user
  • if the answer is yes and I change the default user by editing httpd.conf, is it likely to screw anything up?

Thanks!

A: 

Enter ps aux | grep apache in your shell.

The user will be listed on there. Now check whether this user has permissions to do anything on the machine. If yes create a new user and don't assign this any rights. Add the line and restart the apache server. Normally nothing should be broken but in case just revert it and look again.

neo  2010-03-24 16:21:06
Thanks. Sorry, I'm a total Unix newbie. I've found the user, but, um, how do I check whether the user has permissions to do anything on the machine? And if they do have permissions to do things on the machine, why is that a bad thing?
AP257  2010-03-24 16:26:23
To check if the user has some rights, it depends on how you setup the machine. If it has a custom user (i.e. apache) it probably doesn't have any rights, if it is as another user, it could have some rights. The most common are: 1. Access to important data, like your databases, configuration files, etc 2. If the user can use sudo 3. Being in the wheel group.Security also depends on your level of paranoia, so there is no single possible answer to that...
Kjir  2010-03-24 16:50:24
+3  A: 
  • To find out the user, you can simply use ps aux | grep apache while it is running.
  • You don't need to, but if Apache is running as root there are security issues.
  • Thirdly, changing the user of Apache will change his rights to access some directories. You need to make sure that /var/www (or wherever you have your websites) is accessible to the new user and group.
    • On the systems I have looked at, apache was always installed using apache:apache (or similar) as user and group, so it should probably already be set like that.
Kjir  2010-03-24 16:24:51
A: 

run suexec -V to determine the compile-time configuration of your suexec module. Check AP_HTTPD_USER value

I second Kjir for the other two points.

PS: note that on some distribution (e.g. SuSE) the command is called suexec2

andcoz  2010-03-24 16:30:13

related questions

How do I add a MIME type to .htaccess?
Difference between the Apache HTTP Server and Apache Tomcat?
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Cleanest & Fastest server setup for Django
Installing Apache Web Server on 64 Bit Mac
Running Apache alongside another web server?
Algorithm behind MD5Crypt
Can you compile Apache HTTP Server and redeploy its binaries to a different location ?
mod_rewrite rule to redirect all requests except for one specific path
How do I create a self signed SSL certificate to use while testing a web app.
Software for Webserver Log Analysis?
What is the difference between an endpoint, a service, and a port when working with webservices?
What are the proper permissions for an upload folder with PHP/Apache?
mod_rewrite to alias one file suffix type to another
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
User authentication on Resin webserver
How do you set up Python scripts to work in Apache 2.0?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP