1

On one of my servers, Apache2 is running as daemon user:

[root@sbecby07 ~]# ps -ef | grep httpd
root      1114 29432  0 10:13 pts/2    00:00:00 grep httpd
root     29773     1  0 09:03 ?        00:00:00 /usr/local/apache2/bin/httpd -k start
daemon   29774 29773  0 09:03 ?        00:00:01 /usr/local/apache2/bin/httpd -k start
daemon   29775 29773  0 09:03 ?        00:00:02 /usr/local/apache2/bin/httpd -k start
daemon   29795 29773  0 09:03 ?        00:00:03 /usr/local/apache2/bin/httpd -k start
daemon   29858 29773  0 09:03 ?        00:00:00 /usr/local/apache2/bin/httpd -k start

However, when I view phpinfo() via a simple PHP file on the browser, it shows that PHP is running as root (with /root homedir and all):

PHP Info

How is this possible? How do I change the user PHP is running as to be the same as Apache2?

The other servers I am managing do not have this issue.

Improve this question
5
  • 3
    If this is an Internet facing server, I would deal as it as potentially compromised; it does not matter wether this was intentaional or not; it allows easy escalation of privileges and the potential to has been abused by now is too high Commented May 27, 2016 at 2:28
  • @RuiFRibeiro It is a corporate intranet facing server only used for testing web application. The production servers (also facing corporate intranet) do not have this issue (i.e. both Apache2 and PHP run as daemon) Commented May 27, 2016 at 2:30
  • search for mod_ruid2/RUidGid, suEXEC or suphp directives in your Apache configuration and/or vhosts. Or even a recursive grep for the string root in your apache configuration dir. come back to me if it works, as I have additional comments, that I will include in a proper answer. Commented May 27, 2016 at 7:43
  • @RuiFRibeiro no result for mod_ruid2/RUidGid, suEXEC or suphp. For string "root" all occurrences are inside commented line. httpd.conf already has line User daemon and Group daemon so I don't think the issue is within Apache2. I'm suspecting the user is switched somehow somewhere within PHP execution but I don't know where to start. Commented May 27, 2016 at 8:02
  • php-fpm rings a bell? Commented May 27, 2016 at 11:34

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.