I am wondering the security risk of changing apache run user from www-data to another.
sudo vi /etc/apache2/envvars
Configs:
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
I have change to:
export APACHE_RUN_USER=myusername
export APACHE_RUN_GROUP=myusername
My main reason for doing this is because I have ssh keys setup for myusername and it also makes managing new files created by apache a lot easier since they are no longer belonging to www-data.
Best Answer
As long as the running Apache process has read access to
myusername
's files, you should be fine.If Apache doesn't have read permissions to
myusername
's files, anything you put in the docroot asmyusername
will be unable to be served.