Hello everyone,
I have an Apache 2.2x server and would like to harden security so that hackers can't get in easily to the Apache webserver. One suggestion is to change the user/group for Apache to a non-privileged account.
Currently the user "fpp" is the default user for Apache which has access to the operating system via sudo commands.
I entered these commands to create a non-privileged account:
sudo groupadd http-web
sudo useradd -d /opt/fpp/www/ -g http-web http-web
I then edited /etc/apache2/envvars to change these lines:
export APACHE_RUN_USER=http-web
export APACHE_RUN_GROUP=http-web
I also ran this command to change user/group permissions on this folder:
sudo chown -R http-web:http-web /var/lock/apache2/
sudo chown -R http-web:http-web /opt/fpp/www
Finally, I restarted the Apache service with this command:
sudo service apache2 restart
When I try to access the website on this server, I receive the following message:
Forbidden: You don't have permission to access / on this server.
I've been scouring the Internet trying to figure out how to switch the default "fpp" Apache user to a non-privileged account and can't figure it out. Can someone shed some light on this?
Thanks!
Tom
