Run apache as apache.apache not nobody

st0rm

Member
Jun 27, 2014
12
0
1
cPanel Access Level
Root Administrator
Hello all ,

I know this is the default configuration for cPanel , running apache as nobody that is .
And i also know that php is running under handler(in my case fscgi) and using suexec .

i just want to run apache under apache.apache for firewalling reasons .

could this be done ? and if so would it sustain updating ? do i have to reconfigure apache to run under apache.apache each time i update cPanel ?

Thank you all for your time
 

vanessa

Well-Known Member
PartnerNOC
Sep 26, 2006
833
28
178
Virginia Beach, VA
cPanel Access Level
DataCenter Provider
The user/group is defined in /var/cpanel/conf/apache/main, but this file is overwritten when EA is run. So, you'd probably want to use a local template to override this:

Code:
cp /var/cpanel/templates/apache2/main.default /var/cpanel/templates/apache2/main.local
Edit these lines and hardcode the user in so they are not pulled from the main template:

Code:
User [% main.user.item.user %]
Group [% main.group.item.group %]
Then:

Code:
/scripts/rebuildhttpdconf
service httpd restart
Not sure what other issues this may cause though.
 

vanessa

Well-Known Member
PartnerNOC
Sep 26, 2006
833
28
178
Virginia Beach, VA
cPanel Access Level
DataCenter Provider
cPanel expects the Apache user to be 'nobody'. It won't cause a problem with Apache, but there are some scripts cPanel uses that assume 'nobody' is the user. If you're running PHP in CGI mode, it's probably not as big of a deal.

Why do you even need to do this? Are you not able to change your firewall rules to use 'nobody'?
 

st0rm

Member
Jun 27, 2014
12
0
1
cPanel Access Level
Root Administrator
the problem is , i want to firewall the outbound of the server's connections

by making firewall match the owner of the connection .. not to accept outbound connection unless it was from apache/exim/named/ftp/root .. that's how i want to configure it

so if i ran apache as nobody how can i control this ? although yes i do run php in CGI mode , FSCGI to be exact

any advice would be more than welcome :)

Thank you for your time
 

st0rm

Member
Jun 27, 2014
12
0
1
cPanel Access Level
Root Administrator
Sure , but any one with username nobody will apply to the same firewall rules as apache ..

hence the problem , he/she will have an outbound OK .. which is what i do not want ..
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
As far as I know the only things that use "nobody" on a cPanel server are Apache and sometimes the FTP server.

Changing the username of the Apache processes from nobody to apache will change virtually nothing.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
i just want to run apache under apache.apache for firewalling reasons .
Are you positive the firewall rules are not configurable any other way besides changing the username used by Apache? It seems like it would be easier to just modify the firewall rules.

Thank you.