The user wants to run Apache httpd server from a non-root user in CentOS/RHEL 7. How this can be achieved with the help a service under systemd?
Configuring Apache httpd server to run from a non-root user (Using systemd service)
The /run/httpd file ownership and permissions are changed by systemd on startup because of the /usr/lib/tmpfiles.d/httpd.conf file. This is installed with the httpd package and doesn’t require the httpd.service to be enabled. If a non-root user tries to start the httpd service, he would get below error:
$ /usr/sbin/httpd -k start (13)Permission denied: AH00058: Error retrieving pid file /run/httpd/httpd.pid AH00059: Remove it before continuing if it is corrupted.
Follow the steps below to configure Apache httpd to be run as non-root user (Optionally you can also configure it to be run as a systemd service).
1. Change the User and Group settings in /etc/httpd/conf/httpd.conf to your user and group. For example, if your user and group are myuser and mygroup, use the settings below.
# vi /etc/httpd/conf/httpd.conf User myuser Group mygroup
2. Set the listen port to higher than 1024 in /etc/httpd/conf/httpd.conf.
# vi /etc/httpd/conf/httpd.conf Listen 8080
3. Change the ownership of httpd’s log directory.
# chown -R myuser:mygroup /var/log/httpd
4. Change the ownership of the /run/httpd directory.
# chown -R myuser:mygroup /run/httpd
To make this change permanent, /usr/lib/tmpfiles.d/httpd.conf must be changed to use myuser and mygroup as shown below.
$ sudo cat /usr/lib/tmpfiles.d/httpd.conf d /run/httpd 710 myuser mygroup d /run/httpd/htcacheclean 700 myuser mygroup
Configuring apache httpd to run as a service under systemd
(Optional) If you want Apache httpd to run as a service under systemd you will have to edit the service unit file. This is done by creating a systemd drop-in as shown below.
# systemctl edit httpd
The default editor will be automatically opened. Add the following content, then save and exit the editor.
[Service] User=myuser Group=mygroup
Stop httpd if it’s already running, then start httpd using the command below. (As your non-root user)
$ /usr/sbin/httpd -k start
Or, if you followed the optional steps to use systemd, start the service:
$ systemctl start httpd.service