Apache2 - Run Apache as the user's account


Solution 1

For security and compatibility reasons, it is not such a great idea.

A better idea might be to use suexec, which executes each person's CGIs as them.

If you really want to do this, add

    User youruserid
    Group yourgroupid

to your /etc/apache2/apache.conf.

If you don't know where this goes in the file or think it might be a different file, scan for the strings User and Group. There may be a setting already.


Here's some documentation you might like

User directive http://httpd.apache.org/docs/2.0/mod/mpm_common.html#user

General apache2 http://httpd.apache.org/docs/2.0/

Solution 2

With apache2 you have the possibility to use the ITK multi-processing module. This spawns off new processes running under the destination user's uid and gid. I'm using this to great effect on my hosting solution.

There should be packages for all major distributions available.

Solution 3

I strongly recommend against having Apache run as any real user. If an exploit is found in your sites, a malicious user can read or alter your personal files.

WordPress will run fine with the files being owned by your user account and with Apache running as a different user. There are a few files and paths which you should chgrp to the same group as the Apache server and make group writable. That way Apache can make the necessary changes without the risk of a user having full access to the rest of your files.

You should read the WordPress document on Changing File Permissions.
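One way to check a webroot against the layout this answer describes, as an added example that is not part of the original answer. The function names, the allow-list argument and the `www-data` group in the usage line are assumptions for illustration.

```shell
#!/bin/sh
# Audit a webroot: files stay owned by the site owner, and only an
# allow-listed set of paths is writable by the web server's group.

# Paths anyone on the system can write (the "chmod 777" case).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Paths that belong to the web server's group and carry the group-write bit.
# $1 = webroot, $2 = web server group name or numeric gid
server_writable() {
    find "$1" \( -type f -o -type d \) -group "$2" -perm -0020 -print | sort
}

# Server-writable paths that are NOT at or below an allow-listed entry.
# $3 = space-separated paths relative to the webroot (no spaces or
#      wildcard characters in the entries themselves)
unexpected_writable() {
    root=${1%/}; group=$2; allow=$3
    server_writable "$root" "$group" | while IFS= read -r path; do
        rel=${path#"$root"/}
        ok=no
        for a in $allow; do
            case $rel in "$a"|"$a"/*) ok=yes ;; esac
        done
        [ "$ok" = yes ] || printf '%s\n' "$rel"
    done
}

# Usage (assumed values): sh audit.sh /var/www/site www-data "wp-content/uploads"
if [ "$#" -ge 2 ]; then
    echo "World-writable paths:"
    world_writable "$1"
    echo "Writable by group $2 outside the allow-list:"
    unexpected_writable "$1" "$2" "$3"
fi
```

Empty output from both checks means the server can write only where it was explicitly allowed to.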

Solution 4

mpm-itk works well; it can also be used for non-PHP virtual hosts.

If you need better scalability and performance, fastcgi pools are a better choice.

If you want to try something new, check out php-fpm http://php-fpm.org/, Debian lenny packages available on http://www.dotdeb.org/.


Author: Niklas H

Updated on September 17, 2022

Comments

  • Niklas H, over 1 year

    I just got my very own Linux (Debian Stable) server, and installed Apache2, PHP5 and MySQL. It's supposed to be used for hosting of my own and others' websites.

    As it is now, Apache is running as its own user. That means that I need to "chown" all files and folders in a webroot to the Apache user, or else Apache can't edit and/or delete them. That is a big problem in WordPress when installing plugins and such.

    I Google'd a little, and found a website which says that you need to run the user's Apache instance as their own user, instead of running Apache as its own user.

    How do I do that?

  • Niklas H, about 14 years
    I will take a closer look at suexec. But what about performance? Is there any performance loss by using CGI?
  • Paul, about 14 years
    Do you mean using suexec or using cgi? When using suexec there may be a performance hit, I would imagine not too much. I've never noticed it. If CGI I think this is another question. Some programs use fastcgi, and other techniques, which are faster than regular cgi.
  • Paul, about 14 years
    Is it really so difficult to run chown and chmod to the web server's account -- if it is your server? An insecure cgi program will allow vandals to potentially look at or mess with anything owned by the web server's account.
  • Niklas H, about 14 years
    The problem with doing chown is that I will need to chmod 777 all the files as well, or else I can't touch them through FTP. And I am not that excited about 777'ing everything.
  • Niklas H, about 14 years
    And it won't just be me using the server - I'll be hosting for others as well.
  • Paul, about 14 years
    If you are hosting for various users, then you want the suexec so that their scripts also work (if you want them to install scripts).
  • Niklas H, about 14 years
    Okay - thank you. Do you happen to know anything about that ITK mentioned in this thread also?
  • Paul, about 14 years
    No, sorry, haven't heard of it.
  • jemmille, about 14 years
    I've used ITK extensively and found it both stable and easy to use. I used it while working for a web hosting company as well.