How do I stop Apache from running as root?
It is unusual to find Apache running as root
in any stock configuration. How have you determined that Apache is running as root? Note that Apache must start up as root in order to bind to privileged ports, but typically sheds its privileges later on.
You can look in your Apache configuration (often in /etc/httpd
or /etc/apache2
, depending on your distribution) for the User
and Group
directives (documented here). These two directives control under what user id Apache runs.
It is also unusual to find a system that has "no other groups or users". What do getent passwd
and getent group
show? Are there really no other users or groups other than root
? Most distributions ship with an apache
or www-data
user or somesuch and a matching configuration that will run Apache as that user.
There are a variety of introductory guides out there to Apache configuration and security. A simple Google search yields many likely looking results. The RedHat/CentOS Deployment Guide is a good place to start (if you're on a RedHat/CentOS system).