httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Hammond <tomino...@gmail.com>
Subject [users@httpd] Change user for Apache web server to a non-privileged user?
Date Wed, 14 Sep 2016 12:16:32 GMT
Hello everyone,

I have an Apache 2.2x server and would like to harden security so that
hackers can't get in easily to the Apache webserver.  One suggestion is to
change the user/group for Apache to a non-privileged account.

Currently the user "fpp" is the default user for Apache which has access to
the operating system via sudo commands.

I entered these commands to create a non-privileged account:
sudo groupadd http-web
sudo useradd -d /opt/fpp/www/ -g http-web http-web

I then edited /etc/apache2/envvars to change these lines:
export APACHE_RUN_USER=http-web

export APACHE_RUN_GROUP=http-web

I also ran this command to change user/group permissions on this folder:
sudo chown -R http-web:http-web /var/lock/apache2/
sudo chown -R http-web:http-web /opt/fpp/www

Finally, I restarted the Apache service with this command:
sudo service apache2 restart

When I try to access the website on this server, I receive the following
message:


Forbidden: You don't have permission to access / on this server.


I've been scouring the Internet trying to figure out how to switch the
default "fpp" Apache user to a non-privileged account and can't figure it
out. Can someone shed some light on this?

Thanks!
Tom

Mime
View raw message