Topic: Change user for Apache web server to a non-privileged user?

[tomhammond]

Hello everyone,

I have an Apache 2.2x server and would like to harden security so that hackers can't get in easily to the Apache webserver. One suggestion is to change the user/group for Apache to a non-privileged account.

Currently the user "fpp" is the default user for Apache which has access to the operating system via sudo commands.

I entered these commands to create a non-privileged account:
sudo groupadd http-web
sudo useradd -d /opt/fpp/www/ -g http-web http-web

I then edited /etc/apache2/envvars to change these lines:
export APACHE_RUN_USER=http-web
export APACHE_RUN_GROUP=http-web

I also ran this command to change user/group permissions on this folder:
sudo chown -R http-web:http-web /var/lock/apache2/
sudo chown -R http-web:http-web /opt/fpp/www

Finally, I restarted the Apache service with this command:
sudo service apache2 restart

When I try to access the website on this server, I receive the following message:


Forbidden: You don't have permission to access / on this server.


I've been scouring the Internet trying to figure out how to switch the default "fpp" Apache user to a non-privileged account and can't figure it out. Can someone shed some light on this?

Thanks!
Tom

[James Blond]

What is in your error log about it?