291

I want to secure a file upload directory on my server as described beautifully here, but I have one problem before I can follow these instructions. I don't know what user Apache is running as.

I've found a suggestion that you can look in httpd.conf and there will be a "User" line, but there is no such line in my httpd.conf file, so I guess Apache is running as the default user. I can't find out what that is, though.

So, my question is (are):

  • how do I find out what the default user is
  • do I need to change the default user
  • if the answer is yes and I change the default user by editing httpd.conf, is it likely to screw anything up?

Thanks!

15 Answers

304

ps aux | egrep '(apache|httpd)' typically will show what apache is running as.

Usually you do not need to change the default user; "nobody" or "apache" are typically fine users. As long as it's not "root" ;)

edit: more accurate command for catching apache binaries too

Jasper Kennis
  • 379
  • 1
  • 3
  • 12
grufftech
  • 6,930
69

You can try the following command:

ps -ef | egrep '(httpd|apache2|apache)' | grep -v `whoami` | grep -v root | head -n1 | awk '{print $1}'
nowthatsamatt
  • 961
  • 1
  • 8
  • 11
57

Use apachectl -S, which will show the Apache user and group, something like this:

User: name="_www" id=70
Group: name="_www" id=70
Pang
  • 279
Kyaw
  • 671
16

According to the ubuntuforums.org, on Ubuntu the default user for apache2 is www-data.

Seen to be true on Ubuntu 13.10 Saucy.


From Lars Noodén on the above forum.

To be sure what [the user] is really set to, check the actual configuration files. The umbrella file, apache2.conf will have something like the following,

User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

That is a reference to environment variables set in /etc/apache2/envvars. mod_suexec also allows scripts to be run as yet a different user and group.

To find any virtual hosts, which may use alternate users, groups, or both, check the configurations.

$ egrep "^User|^Group|^SuexecUserGroup" /etc/apache2/apache2.conf /etc/apache2/sites-available/*.conf

For Red Hat based distributions it would be (usually the user running httpd is apache):

$ egrep "^User|^Group|^SuexecUserGroup" /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf
Kevin
  • 324
12

I know that this is an old post, but it is still listed as unanswered, so I will make a suggestion. If you can't find which user or group Apache is running as, perhaps try opening the httpd.conf file. There should be an entry there for "User" and "Group". Not only can you see which user Apache is supposed to be running as, but you can change it if you feel the need to do so.

kainosnous
  • 281
  • 1
  • 5
11

You can include a line of code in your PHP script:

echo exec('whoami');
splattne
  • 28,776
JG Estiot
  • 119
5

This code will - more or less - alphabetically list all the non-root users running processes containing apache (or whose name contains apache)

ps aux | grep -v root | grep apache | cut -d\  -f1 | sort | uniq
4
  • To find out the user, you can simply use ps aux | grep apache while it is running.
  • You don't need to, but if Apache is running as root there are security issues.
  • Thirdly, changing the user of Apache will change its rights to access some directories. You need to make sure that /var/www (or wherever you have your websites) is accessible to the new user and group.
  • On the systems I have looked at, apache was always installed using apache:apache (or similar) as user and group, so it should probably already be set like that.


NOTE: This is the same answer I gave on Stackoverflow.

Kjir
  • 141
3

Or you can check the apache configuration file and look for the owner & group.

AliGibbs
  • 2,323
  • 22
  • 34
3

An alternative approach, at least for Debian/Ubuntu-based distros, is to use the same method Apache does to set its user and group: source /etc/apache2/envvars!

$ echo "$(source /etc/apache2/envvars && echo "$APACHE_RUN_GROUP")"
www-data

If you want to get fancy, you can suppress errors if the file is not found, and provide a default value:

$ apacheuser=$(
     source /fail/etc/apache2/envvars 2>/dev/null &&
     echo "$APACHE_RUN_USER" ||
     echo nobody
)
$ echo "$apacheuser"
nobody
MestreLion
  • 1,793
  • 14
  • 11
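The apache2.conf and envvars indirection described in the answers above can also be resolved by reading both files as text, which avoids executing envvars in the current shell the way source does. This is an added example, not code from any of the answers; the function name resolve_apache_directive and the sample files are constructed for illustration, and it assumes the last occurrence of the directive is the one that applies.

```sh
#!/bin/sh
# Added example: resolve the effective User/Group value from an Apache config,
# following a ${VAR} reference into an envvars-style file without sourcing it.
# Usage: resolve_apache_directive NAME CONF ENVVARS   (hypothetical helper)
resolve_apache_directive() {
    name=$1 conf=$2 envvars=$3
    # Directive names are case-insensitive; commented-out lines start with "#"
    # and therefore never match. Keep the last occurrence found.
    value=$(awk -v d="$name" 'tolower($1) == tolower(d) { v = $2 } END { print v }' "$conf")
    case $value in
        '${'*)
            # Strip the ${ } wrapper to get the variable name.
            var=$(printf '%s' "$value" | tr -d '${}')
            # Read the assignment as text: "export VAR=value" or "VAR=value".
            value=$(sed -n "s/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}$var=//p" \
                        "$envvars" | tail -n 1 | tr -d "\"'")
            ;;
    esac
    printf '%s\n' "$value"
}

# Constructed sample files mirroring the Debian/Ubuntu layout quoted above.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/apache2.conf" <<'EOF'
# User root
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
EOF
cat > "$SAMPLE_DIR/envvars" <<'EOF'
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP="www-data"
EOF

resolve_apache_directive User  "$SAMPLE_DIR/apache2.conf" "$SAMPLE_DIR/envvars"
resolve_apache_directive Group "$SAMPLE_DIR/apache2.conf" "$SAMPLE_DIR/envvars"
```

On a real Debian/Ubuntu host the arguments would be /etc/apache2/apache2.conf and /etc/apache2/envvars.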
3

I found most of the solutions offered here are system- or configuration-specific (in particular, most of the solutions do not work at all on MacOS) and a few rely on the user knowing where Apache's configuration files are in the first place...

So I cheat a bit and let Apache itself tell me what's what.

The simple command apachectl -S will tell you what you need to know about a running instance of Apache, and its results can be parsed fairly easily. Here's my solution, which I use at the top of a few bash scripts to determine a variety of things I might need at any given time...

# Store the results so we don't have to keep calling apachectl...
astatus=`apachectl -S`

# Now grab whatever you want from the result... 
HTTPD_ROOT_DIR=$(expr "`echo "$astatus" | grep ServerRoot`" : ".*\"\(.*\)\".*")
HTTPD_DOC_DIR=$(expr "`echo "$astatus" | grep \"Main DocumentRoot\" `" : ".*\"\(.*\)\".*")
HTTPD_USER=$(expr "`echo "$astatus" | grep \"User:.*name=\" `" : ".*\"\(.*\)\".*")
HTTPD_GROUP=$(expr "`echo "$astatus" | grep \"Group:.*name=\" `" : ".*\"\(.*\)\".*")

These values can then be used as such:

echo $HTTPD_ROOT_DIR # /etc/httpd
echo $HTTPD_DOC_DIR  # /var/www
echo $HTTPD_USER     # www-data
echo $HTTPD_GROUP    # www-data
Mike Fahy
  • 131
2

As suggested by Noyo here:

APACHE_USER=$(ps axho user,comm|grep -E "httpd|apache"|uniq|grep -v "root"|awk 'END {if ($1) print $1}')

And then:

echo $APACHE_USER
kenorb
  • 7,125
1

I found this command in CakePHP docs.

HTTPDUSER=`ps aux | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1`

Now HTTPDUSER holds the username of the user who runs the server; echo $HTTPDUSER in my case outputs www-data (using rlerdorf/php7dev).

1

Use lsof and pass the port Apache is listening on as an argument. See the USER column for the user Apache is running as.

# lsof -i :80
COMMAND     PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd     21058   root    4u  IPv6  74730      0t0  TCP *:http (LISTEN)
httpd     21111 www-data    4u  IPv6  74730      0t0  TCP *:http (LISTEN)
httpd     24915 www-data    4u  IPv6  74730      0t0  TCP *:http (LISTEN)
0

This is what I use right now:

apachectl -t -D DUMP_RUN_CFG 2>/dev/null |
sed -n '/^User/s/.*name="\([^"]*\)".*/\1/p'
ceving
  • 534
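Several of the ps-based answers above drop every root line with grep -v root, so they print nothing in the one case that matters for securing an upload directory: workers that themselves run as root. The following added example (not code from any answer) separates the root-owned parent from its workers by parent PID, as seen in the lsof output above, and reports root workers explicitly. It assumes Linux procps-style `ps -eo user=,pid=,ppid=,comm=` output; the function names and sample data are constructed.

```sh
#!/bin/sh
# Added example: read "user pid ppid comm" lines on stdin and print the distinct
# users of Apache *worker* processes, i.e. Apache processes whose parent is
# also an Apache process. The root-owned parent itself is not a worker.
apache_worker_users() {
    awk '
        $4 ~ /(^|\/)(httpd|apache2?)$/ { user[$2] = $1; ppid[$2] = $3 }
        END {
            for (p in user)
                if (ppid[p] in user)   # parent is Apache too => worker
                    print user[p]
        }' | sort -u
}

# Exit status: 0 = workers are unprivileged, 1 = a worker runs as root,
# 2 = no Apache workers found in the input.
check_apache_workers() {
    users=$(apache_worker_users)
    [ -n "$users" ] || { echo "no Apache workers found"; return 2; }
    if printf '%s\n' "$users" | grep -qx root; then
        echo "WARNING: Apache workers run as root"
        return 1
    fi
    echo "Apache workers run as:" $users   # unquoted on purpose: joins lines
}

# Constructed sample input (not captured from a real host).
SAMPLE_OK='root      21058     1 httpd
www-data  21111 21058 httpd
www-data  24915 21058 httpd
alice     30001  2000 bash'
SAMPLE_BAD='root 21058     1 httpd
root 21111 21058 httpd'

printf '%s\n' "$SAMPLE_OK"  | check_apache_workers
printf '%s\n' "$SAMPLE_BAD" | check_apache_workers || echo "exit status $?"
# Live use: ps -eo user=,pid=,ppid=,comm= | check_apache_workers
```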