Run each Apache virtual host as a separate user (AssignUserId)
This is needed when you want apache to be able to handle the site files that might belong to another user (site ftp maybe), OR when you want to have different user on each site runnning on your server (for better security).
By default apache runs as same user on all your sites, this can be changed in /etc/conf/httpd/httpd.conf by changing "User" and "Group" BUT now apache runs as this user and group for all your sites, still not good enough, so let's leave that one alone.
1) Install httpd-itk.x86_64 with:
yum install httpd-itk.x86_64
2) enable this module by editing this file and uncomment the LoadModule line:
3) edit /etc/conf/httpd/httpd.conf and specify any user/group for any of your individual virtual hosts, notice the AssignUserId
<VirtualHost thewebhelp.com:*> DocumentRoot "/var/www/html/thewebhelp.com" ServerName thewebhelp.com <Directory "/var/www/html/thewebhelp.com"> Require all granted DirectoryIndex index.html index.php </Directory> # this is what you need >>> <IfModule mpm_itk_module> AssignUserId thewebhelp www </IfModule> </VirtualHost>
You can repeat that step for different vhosts running as different user each.
A common setup is to write site's FTP user / group.
4) restart apache
service httpd restart
Optional steps for debugging
To know if httpd-itk was activated
Look at your phpinfo page, create a blank php file and write <?php phpinfo();?> in it, load this page in your browser.
On the php info page mpm-itk should appear in loaded modules area and in apache version text.
Note that User/Group indicated on the PHP info page seems to be apache default user/group even thou it is running as the user you specified.
To verify what user/group is running your apache and php scripts
create a folder like "test" in your site,
- make it writable to all users (chmod 0777);
- next to it, create a script test.php and
- inside it, type this: <?php touch ("test/test.txt"); ?>
- run this script from BROWSER, like http://your-site.com/test.php ;
- from cosole do a "ls -lh" to see the list of files in that folder (notice user / group):
ls -lh test/ -rw-r--r-- 1 thewebhelp www test.txt