How to run apache as an alternate user

NIM uses Apache as it’s web server to deliver content to browsers as well as interact with project servers. In some studio environments there may be a need to run the apache service as a different user with unique access permissions.  This user will require permissions to read and write to any project server you have mounted on the NIM VM. This following example will set the apache server to use the existing user NIM.  You can set this to any user/group you create.

 

To redefine the user that the apache server runs as, open the /etc/apache2/envars file on the NIM VM and edit the following lines:

export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data

Replacing “www-data” with the desired user, in this example “nim”.

export APACHE_RUN_USER=nim
export APACHE_RUN_GROUP=nim

The final steps will be to take user and group ownership of the website document root, the apache lock and logs, as well as your NIM media location.

sudo chown -R nim /var/www/html/*
sudo chgrp -R nim /var/www/html/*

sudo chown -R nim /var/lock/apache2
sudo chgrp -R nim /var/lock/apache2

sudo chown -R nim /var/log/apache2
sudo chgrp -R nim /var/log/apache2

sudo chown -R nim /n/media
sudo chgrp -R nim /n/media

Now reboot the server:
sudo reboot

When the NIM VM restarts the apache server will be using the updated user account for all file system interaction.

NOTE:
In some cases when running apache2 an an alternate user, logging into an ssh session as that user and then existing can cause apache to exit.  To fix this issue modify the /etc/apache2/apache2.conf settings:

1) Edit /etc/apache2/apache2.conf file setting:

In the Global Configuration section add the line:
Mutex posixsem
The default value commented out is: Mutex file:${APACHE_LOCK_DIR} default

2) Reboot the server
sudo reboot