Linux what user is process running as

Finding out what user Apache is running as?

why has this question been downvoted? Yes, it’s been updated as it has been answered elswhere, but I see no need to down vote? It’s a perfectly good question? Perhaps our down voter would care to add a constructive comment regarding this?

You might want to post that update as an answer, and accept it, as you are currently in the Unanswered queue.

The next question: what to do because its one of two users, like root and www-data . How do you give the «right» Apache group a permission to access something?

15 Answers 15

ps aux | egrep ‘(apache|httpd)’ typically will show what apache is running as.

Usually you do not need to change the default user, «nobody» or «apache» are typically fine users. As long as its not «root» 😉

edit: more accurate command for catching apache binaries too

I have 3 processes ( /usr/sbin/apache2 -k start ), one’s user is root and the other two www-data . Should I be concerned?

@zundi, the service starts as root in order to do things like bind to reserved ports (e.g. 80 and 443). Then it starts whatever the configured number of processes are, to do the web-server work, and any other tasks, as the defined users. That way requests are being handled by non-privileged processes. You will notice the the parent ID (PPID) is the same for all of the other processes. That idea with be the PID for that one process running as root.

You can try the following command:

ps -ef | egrep '(httpd|apache2|apache)' | grep -v `whoami` | grep -v root | head -n1 | awk '' 

You’re litterally hidding lines from root user, which means that if apache is running as root, well, it doesnt show anything. Same for the current logged user.

Use apachectl -S , which will show something Apache user and group, something like this:

This is a good answer, because it is the one command that tells you a lot more about your running web server and presents it in a comprehensive way.

Oddly, on the Mac, although it shows as ‘_www’, you use ‘www’ without the underscore for various commands (notably chown). By the way, this varies according to version of MacOs/Apache/Apache package. It’s ‘_www’ on my macOs Big Sur with Apache 2.4.38 from MacPorts. It used to be ‘staff’ on older builds, and I think it’s different if you use Homebrew.

According to the ubuntuforums.org, on Ubuntu the default user for apache2 is www-data .

Seen to be true on Ubuntu 13.10 Saucy.

To be sure what [the user] is really set to, check the actual configuration files. The umbrella file, apache2.conf will have something like the following,

That is a reference to environment variables set in /etc/apache2/envvars . mod_suexec also allows scripts to be run as yet a different user and group.

To find any virtual hosts, which may use alternate users, groups, or both, check the configurations.

$ egrep "^User|^Group|^SuexecUserGroup" /etc/apache2/apache2.conf /etc/apache2/sites-available/*.conf 

For Red Hat based distributions it would be (usually its user running httpd is apache ):

$ egrep "^User|^Group|^SuexecUserGroup" /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf 

I know that this is an old post, but it is still listed as unanswered, so I will make a suggestion. If you can’t find which user or group Apache is running as, perhaps try opening the httpd.conf file. There should be an entry there for «User» and «Group». Not only can you see which user Apache is supposed to be running as, but you can change it if you feel the need to do so.

You can include a line of code in your PHP script:

Watch out here, this shows the user that PHP runs under, not the Apache user. If using mod_php these are the same but if, as is now very common, you’re using something else (like php_fpm) they can easily be different.

This code will — more or less — alphabetically list all the non-root users running processes containing apache (or whose name contains apache )

ps aux | grep -v root | grep apache | cut -d\ -f1 | sort | uniq 

The list will probably include users who are running processes like ‘grep apache’, such as your fine self.

• To find out the user, you can simply use ps aux | grep apache while it is running.
• You don’t need to, but if Apache is running as root there are security issues.
• Thirdly, changing the user of Apache will change his rights to access some directories. You need to make sure that /var/www (or wherever you have your websites) is accessible to the new user and group. On the systems I have looked at, apache was always installed using apache:apache (or similar) as user and group, so it should probably already be set like that.

NOTE: This is the same answer I gave on Stackoverflow.

Or you can check the apache configuration file and look for the owner & group.

An alternative approach, at least for Debian/Ubuntu-based distros, is to use the same method Apache does to set its user and group: source /etc/apache2/envvars !

$ echo "$(source /etc/apache2/envvars && echo "$APACHE_RUN_GROUP")" www-data 

If you want to get fancy, you can suppress errors if the file is not found, and provide a default value:

$ apacheuser=$( source /fail/etc/apache2/envvars 2>/dev/null && echo "$APACHE_RUN_GROUP" || echo nobody ) $ echo "$apacheuser" nobody

APACHE_USER=$(ps axho user,comm|grep -E "httpd|apache"|uniq|grep -v "root"|awk 'END ') 

I found most of the solutions offered here are system- or configuration- specific (in particular, most of the solutions do not work at all on MacOS) and a few rely on the user knowing where Apache’s configuration files are in the first place.

So I cheat a bit and let Apache itself tell me what’s what.

The simple command apachectl -S will tell you what you need to know about a running instance of Apache, and its results can be parsed fairly easily. Here’s my solution, which I use at the top of a few bash scripts to determine a variety of things I might need at any given time.

# Store the results so we don't have to keep calling apachetl. astatus=`apachectl -S` # Now grab whatever you want from the result. HTTPD_ROOT_DIR=$(expr "`echo "$astatus" | grep ServerRoot`" : ".*\"\(.*\)\".*") HTTPD_DOC_DIR=$(expr "`echo "$astatus" | grep \"Main DocumentRoot\" `" : ".*\"\(.*\)\".*") HTTPD_USER=$(expr "`echo "$astatus" | grep \"User:.*name=\" `" : ".*\"\(.*\)\".*") HTTPD_GROUP=$(expr "`echo "$astatus" | grep \"Group:.*name=\" `" : ".*\"\(.*\)\".*") 

These values can then be used as such:

echo $HTTPD_ROOT_DIR // /etc/httpd echo $HTTPD_DOC_DIR // /var/www echo $HTTPD_USER // www-data echo $HTTPD_GROUP // www-data 

Источник

Linux as what user is a process running

On a machine with users as (this is the default configuration taken from an Exadata X5-2 compute node, so this is how Oracle officially deploys its configuration): When you log in locally, all user IDs are 1001 (=oracle): But when you log in through the listener: Notice that the RUID is different, it is the UID of grid user. Solution: This is such a common problem when the database was installed with user separation (grid + oracle user) and DBAs tend to overlook this.

Which user is running the most processes?

To count all processes per user:

ps -eo user|sort|uniq -c|sort -n 

or to just have the ones running php-cgi:

ps -eo user:15,cmd|sed -n '/php-cgi/s/ .*//p'|sort|uniq -c|sort -n 

-U userlist
Select by real user ID (RUID) or name. It selects the processes whose real user name or ID is in the userlist list. The real user ID identifies the user who created the process, see getuid(2).

-u userlist
Select by effective user ID (EUID) or name. This selects the processes whose effective user name or ID is in userlist. The effective user ID describes the user whose file access permissions are used by the process (see geteuid(2)). Identical to U and —user.

So for example to see all processes of user asjzdiwq , you can use:

ps -u asjzdiwq ## Using RUID ps -U asjzdiwq ## Using EUID 

Linux — How to find what processes run by the user right now?, Select by real user ID (RUID) or name. It selects the processes whose real user name or ID is in the userlist list. The real user ID identifies

How to see process created by specific user in Unix/linux

To view only the processes owned by a specific user, use the following command:

Replace the [username] with the required username

If you want to use ps then

Check out the man ps page for options

Another alternative is to use pstree wchich prints the process tree of the user

Linux: How to show a list of running processes with PID, user, group, The magic combination is ps axfo pid,euser,egroup,args. Here is an output example on Ubuntu 16.04: $ ps axfo pid,euser,egroup,args PID EUSER

Does a user have to log in to run a process and become its owner?

No, you don’t need to log in to start a process running as a given user. Logging in is a user-space construct; the kernel doesn’t care about that. There are multiple examples of this; for example, cron jobs can run as any user, without that user being logged in.

To address your specific questions:

• no, root doesn’t need to log in to start the init process, thankfully (imagine handling a fleet of thousands of servers and millions of VMs otherwise);
• connecting using SSH counts as logging in.

How to Filter Top Output to Specific Processes, How to Filter User Processes The Top output utility also allows us to filter processes spawned by a specific user. To do this, we use the -u flag followed by

Under what user does my process run on Oracle Linux?

This is such a common problem when the database was installed with user separation (grid + oracle user) and DBAs tend to overlook this.

When you use RAC or even just Oracle Restart (with or without ASM), you need to install Grid Infrastructure. Grid Infrastructure can be installed as a different user (typically grid).

When you have Grid Infrastructure, the proper way to handle listeners is through Grid Infrastructure. If Grid Infrastructure was installed with grid user, then the listener runs as grid user.

In Oracle architecture, by design, remote connections log in through the listener, and the database server process is forked by the listener. On Linux/UNIX platforms, the oracle binary is owned by oracle user, and it has the setuid bit enabled. grid and oracle users share a common group, and the oracle binary can be executed by the members of this group.

Given the above information, remote connections coming through the listener running as grid user can spawn processes whose UID and EUID is the same as the UID of oracle.

So far this is what usually everyone knows. The difference is however the RUID and the inherited privileges because of it.

On a machine with users as (this is the default configuration taken from an Exadata X5-2 compute node, so this is how Oracle officially deploys its configuration):

$ id oracle uid=1001(oracle) gid=1001(oinstall) groups=1001(oinstall),1004(asmdba),1002(dba),1003(dboper) $ id grid uid=1000(grid) gid=1001(oinstall) groups=1001(oinstall),1004(asmdba),1005(asmoper),1006(asmadmin) 

When you log in locally, all user IDs are 1001 (=oracle):

sqlplus user/password SQL>select spid from v$process where addr = (select paddr from v$session where sid = sys_context('userenv', 'sid')); SPID ------------------------ 85510 SQL>!ps -o uid,euid,ruid -p 85510 UID EUID RUID 1001 1001 1001 

But when you log in through the listener:

sqlplus user/password@orcl SQL>select spid from v$process where addr = (select paddr from v$session where sid = sys_context('userenv', 'sid')); SPID ------------------------ 90372 SQL>!ps -o uid,euid,ruid -p 90372 UID EUID RUID 1001 1001 1000 

Notice that the RUID is different, it is the UID of grid user.

For example, this can lead to a situation, where file generation from the database with UTL_FILE is successful when executed in a scheduled job, but fails when executed from a remote session.

With the above setup, server processes forked by the listener inherit the privileges of grid user. Scheduled jobs spawned by the database itself inherit the privileges of oracle user. If they do not have the same privileges, they will behave differently.

Linux — What happens to user’s running processes when its, tl;dr. some testing did not cause any problems in a new user, it seems safe to change password without changing any access parameters.

Источник