How do I set my web server to run as a specific user other than ‘nobody’? – Problems with loading a website are often blamed on the Internet connection, but even the most perfectly set up network cannot help if there is no service to reply at your destination. One of the most popular HTTP servers used for this task is Apache2. Much of Apache’s popularity can be attributed to its easy installation and use, but never the less it is possible to run into problems with even the easiest of the software. If you’ve encountered an issue loading your web page, follow these simple troubleshooting methods outlined in this guide to attempt to get your web server back up and working again. Below are some tips in manage your apache2 server when you find problem about apache-2.2, user-accounts, user-permissions, user-profile, .
This is for an unremarkable LAMP server running Ubuntu. The reason I want to do this is because I want a php script to be able to run a linux command via the exec() function and the command I want to run needs permission that ‘nobody’ does not have.I have added my new user ‘web’ with the appropriate permissions, now I just need my web server to be the user ‘web’.
This is located in:
And is usually (by default):
export APACHE_RUN_USER=www-data export APACHE_RUN_GROUP=www-data
You can change the user that apache runs as here. You’ll need to restart apache for the changes to take.
What you really want is SUEXEC.
What you’re proposing is rather quick and dirty; it also poses a huge security risk.
What you should really be doing is this.
Have a look at suexec. Alternately you can set the user Apache runs as. This is an excerpt from my httpd.conf
# If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. # # User/Group: The name (or #number) of the user/group to run httpd as. # It is usually good practice to create a dedicated user and group for # running httpd, as with most system services. # User www Group www
I know this is coming late, but i stumbled upon this question when i was trying to solve a similar problem. I would suggest you run WHOIAM to determine the current user. Then grant the user the right permission using VISUDO
By default apache runs with the user www-data you can apply the permission in visudo by including the following line in /etc/sudoers
www-data ALL = NOPASSWD : /usr/local/bin
you can replace /usr/local/bin with the command you want to run in your script.