1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Change user for Apache web server to a non-privileged user?

Discussion in 'Apache' started by tomhammond, Sep 14, 2016.

0
  1. #1
    Hello everyone,

    I have an Apache 2.2x server and would like to harden security so that hackers can't get in easily to the Apache webserver. One suggestion is to change the user/group for Apache to a non-privileged account.
    Currently the user "fpp" is the default user for Apache which has access to the operating system via sudo commands.

    I entered these commands to create a non-privileged account:
    sudo groupadd http-web
    sudo useradd -d /opt/fpp/www/ -g http-web http-web

    I then edited /etc/apache2/envvars to change these lines:
    export APACHE_RUN_USER=http-web
    export APACHE_RUN_GROUP=http-web


    I also ran this command to change user/group permissions on this folder:
    sudo chown -R http-web:http-web /var/lock/apache2/
    sudo chown -R http-web:http-web /opt/fpp/www

    Finally, I restarted the Apache service with this command:
    sudo service apache2 restart

    When I try to access the website on this server, I receive the following message:

    Forbidden: You don't have permission to access / on this server.


    I've been scouring the Internet trying to figure out how to switch the default "fpp" Apache user to a non-privileged account and can't figure it out. Can someone shed some light on this?

    Thanks!
    Tom
     
    tomhammond, Sep 14, 2016 IP