User nobody Group nobody You can specify the user and group Apache runs under with the User and Group directives. For security reasons, it is not a good idea to run any kind of server as root because a configuration or programming flaw can expose the whole server. When Apache is run as root, it will perform all the actions that require superuser privileges (such as binding to port 80) and then it will serve the actual requests as the user and group specified in the Apache configuration. This user ID will typically have reduced privileges and capabilities. |