The remedy
is to create a new user, called webuser,
belonging to webgroup. The names are
unimportant. The main thing is that this user should be in a group of
its own and should not actually be used by anyone for anything else.
On most Unix systems, create the group first by running
adduser -group webgroup then the user by running
adduser
. You will be asked
for passwords for both. If the system insists on a password, use some
obscure non-English string like cQuycn75Vg.
Ideally, you should make sure that the newly created user
cannot actually log in; how this is achieved varies according to
operating system: you may have to replace the encrypted password in
/etc/passwd, or remove the home directory, or
perhaps something else. Having told the operating system about this
user, you now have to tell Apache. Edit the file
httpd.conf
to
include the following lines:
User webuser Group webgroup
The following are the interesting directives.