source. This is commented out in the file, but apache2 -V shows that this
default has been compiled into the package.
Listen
The Listen directive is actually in a file called ports.conf that is
included from apache2.conf and indicates on which port you want your
server to run. By default, this is set to 80, which is the standard HTTP port
number. You might want to run your server on another port—for example,
when running a test server that you don’t want people to find by accident. Do
not confuse this with real security! See the “File System Authentication and
Access Control” section, later in this chapter, for more information about how
to secure parts of your web server.
User and Group
The User and Group directives should be set to the UID and GID the server
will use to process requests.
In Ubuntu, set these configurations to a user with few or no privileges. In this
case, they’re set to user www-data (a user defined specifically to run
Apache) and group www-data. If you want to use a different UID or GID,
be aware that the server will run with the permissions of the user and group
set here. This means that, in the event of a security breach, whether on the
server or (more likely) in your own CGI programs, those programs will run
with the assigned UID. If the server runs as root or some other privileged
user, someone can exploit the security holes and do nasty things to your site.
Always think in terms of the specified user running a command such as
rm -rf /, because that would wipe all files from your system. This should
convince you that running Apache as a user with no privileges is probably a
good thing.
Instead of specifying the User and Group directives using names, you can
specify them using the UID and GID numbers. If you use numbers, be sure
that the numbers you specify correspond to the user and group you want and
that they’re preceded by the pound (#) symbol.
Here’s how these directives look if specified by name:
User apache
Group apache
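The check below is an added example, not code from the book or from the Apache project: it reads configuration text, finds the User and Group directives in either the name form or the #number form described above, and flags an ID of 0. The sample configuration, the function names, and the choice to let a later directive overwrite an earlier one are assumptions made for this illustration.

```python
import grp
import pwd
import re

# Constructed sample configuration (not from a real server).
SAMPLE_CONF = """\
# User root
Listen 80
User #33
Group www-data
"""

# A directive line starts with the keyword; a line starting with '#' is a comment.
DIRECTIVE = re.compile(r"^\s*(User|Group)\s+(\S+)\s*$", re.IGNORECASE)


def resolve_id(kind, value):
    """Return the numeric UID/GID for a directive value, or None if unknown."""
    if value.startswith("#") and value[1:].isdigit():
        return int(value[1:])  # '#33' is the numeric form, not a comment
    try:
        if kind == "user":
            return pwd.getpwnam(value).pw_uid
        return grp.getgrnam(value).gr_gid
    except KeyError:
        return None  # name (or unexpanded ${VAR}) not defined on this machine


def audit_identity(conf_text):
    """Map 'user'/'group' to (value, numeric_id, runs_as_id_zero)."""
    found = {}
    for line in conf_text.splitlines():
        match = DIRECTIVE.match(line)
        if match is None:
            continue
        kind, value = match.group(1).lower(), match.group(2)
        numeric_id = resolve_id(kind, value)
        # Assumption of this sketch: a later directive overwrites an earlier one.
        found[kind] = (value, numeric_id, numeric_id == 0)
    return found


if __name__ == "__main__":
    for kind, (value, numeric_id, is_root) in audit_identity(SAMPLE_CONF).items():
        verdict = "PRIVILEGED (ID 0)" if is_root else "ok"
        print(f"{kind}: {value} -> id {numeric_id}: {verdict}")
```

A numeric ID of None means the name could not be resolved on the machine running the check, so it should be reviewed by hand rather than treated as safe.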