mpm_common.html revision e36ef0d081aa59867688bcbb3da65952ec16fae3
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>Apache MPM Common Directives</title>
</head>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
vlink="#000080" alink="#FF0000">
<!--#include virtual="header.html" -->
<h1 align="CENTER">Multi-Processing Module Common
Directives</h1>
<p>This file documents directives that are implemented by more
than one multi-processing module (MPM).</p>
<h2>Directives</h2>
<ul>
<li><a href="#connectionstatus">ConnectionStatus</a></li>
<li><a href="#coredumpdirectory">CoreDumpDirectory</a></li>
<li><a href="#group">Group</a></li>
<li><a href="#pidfile">PidFile</a></li>
<li><a href="#listen">Listen</a></li>
<li><a href="#listenbacklog">ListenBacklog</a></li>
<li><a href="#lockfile">LockFile</a></li>
<li><a href="#maxclients">MaxClients</a></li>
<li><a
href="#maxrequestsperchild">MaxRequestsPerChild</a></li>
<li><a href="#maxsparethreads">MaxSpareThreads</a></li>
<li><a href="#maxthreadsperchild">MaxThreadsPerChild</a></li>
<li><a href="#minsparethreads">MinSpareThreads</a></li>
<li><a href="#numservers">NumServers</a></li>
<li><a href="#scoreboardfile">ScoreBoardFile</a></li>
<li><a href="#sendbuffersize">SendBufferSize</a></li>
<li><a href="#startservers">StartServers</a></li>
<li><a href="#startthreads">StartThreads</a></li>
<li><a href="#threadsperchild">ThreadsPerChild</a></li>
<li><a href="#user">User</a></li>
</ul>
<hr />
<h2><a id="connectionstatus"
name="connectionstatus">ConnectionStatus directive</a></h2>
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> ConnectionStatus
on|off<br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>ConnectionStatus
on</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> perchild</p>
<p>Whether or not to maintain status information on current
connections. If this is off then mod_status will not work
properly.</p>
<hr />
<h2><a id="coredumpdirectory"
name="coredumpdirectory">CoreDumpDirectory directive</a></h2>
<!--%plaintext &lt;?INDEX {\tt CoreDumpDirectory} directive&gt; -->
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> CoreDumpDirectory
<em>directory</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> the same location as
ServerRoot<br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, perchild,
prefork, mpm_winnt</p>
<p>This controls the directory to which Apache attempts to
switch before dumping core. The default is in the <a
href="core.html#serverroot">ServerRoot</a> directory, however
since this should not be writable by the user the server runs
as, core dumps won't normally get written. If you want a core
dump for debugging, you can use this directive to place it in a
different location.</p>
<hr />
<h2><a id="group" name="group">Group directive</a></h2>
<!--%plaintext &lt;?INDEX {\tt Group} directive&gt; -->
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Group
<em>unix-group</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>Group
#-1</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config, virtual
host<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, perchild,
prefork</p>
The Group directive sets the group under which the server will
answer requests. In order to use this directive, the
stand-alone server must be run initially as root.
<em>Unix-group</em> is one of:
<dl>
<dt>A group name</dt>
<dd>Refers to the given group by name.</dd>
<dt># followed by a group number.</dt>
<dd>Refers to a group by its number.</dd>
</dl>
It is recommended that you set up a new group specifically for
running the server. Some admins use user <code>nobody</code>,
but this is not always possible or desirable.
<p>Note: if you start the server as a non-root user, it will
fail to change to the specified group, and will instead
continue to run as the group of the original user.</p>
<p>Special note: Use of this directive in &lt;VirtualHost&lt;
is no longer supported. To implement the <a
href="/suexec.html">suEXEC wrapper</a> with Apache 2.0, use
the <a
href="mod_suexec.html#suexecusergroup">SuexecUserGroup</a>
directive. SECURITY: See <a href="#user">User</a> for a
discussion of the security considerations.</p>
<hr />
<h2><a id="pidfile" name="pidfile">PidFile directive</a></h2>
<!--%plaintext &lt;?INDEX {\tt PidFile} directive&gt; -->
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> PidFile
<em>filename</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>PidFile
logs/httpd.pid</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, perchild,
prefork, mpm_winnt</p>
<p>The PidFile directive sets the file to which the server
records the process id of the daemon. If the filename does not
begin with a slash (/) then it is assumed to be relative to the
<a href="core.html#serverroot">ServerRoot</a>.</p>
<p>It is often useful to be able to send the server a signal,
so that it closes and then reopens its <a
href="core.html#errorlog">ErrorLog</a> and TransferLog, and
re-reads its configuration files. This is done by sending a
SIGHUP (kill -1) signal to the process id listed in the
PidFile.</p>
<p>The PidFile is subject to the same warnings about log file
placement and <a
href="/misc/security_tips.html#serverroot">security</a>.</p>
<hr />
<h2><a id="listen" name="listen">Listen directive</a></h2>
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> Listen
[<em>IP-address</em>:]<em>port number</em><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, perchild,
prefork, mpm_winnt</p>
<p>The Listen directive instructs Apache to listen to only
specific IP addresses or ports; by default it responds to
requests on all IP interfaces. The Listen directive is now
a required directive. If it is not in the config file, the
server will fail to start. This is a change from previous
versions of Apache.
<p>The Listen directive tells the server to accept incoming
requests on the specified port or address-and-port combination.
If only a port number is specified, the server listens to the
given port on all interfaces, instead of the port given by the
<tt>Port</tt> directive. If an IP address is given as well as a
port, the server will listen on the given port and
interface.</p>
<p>Note that you may still require a <tt>Port</tt> directive so
that URLs that Apache generates that point to your server still
work.</p>
<p>Multiple Listen directives may be used to specify a number
of addresses and ports to listen to. The server will respond to
requests from any of the listed addresses and ports.</p>
<p>For example, to make the server accept connections on both
port 80 and port 8000, use:</p>
<pre>
Listen 80
Listen 8000
</pre>
To make the server accept connections on two specified
interfaces and port numbers, use
<pre>
Listen 192.170.2.1:80
Listen 192.170.2.5:8000
</pre>
<p><strong>See Also:</strong> <a href="/dns-caveats.html">DNS
Issues</a><br />
<strong>See Also:</strong> <a href="/bind.html">Setting
which addresses and ports Apache uses</a><br />
<strong>See Also:</strong> <a
href="http://www.apache.org/info/known_bugs.html#listenbug">Known
Bugs</a></p>
<hr />
<h2><a id="listenbacklog" name="listenbacklog">ListenBacklog
directive</a></h2>
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> ListenBacklog
<em>backlog</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>ListenBacklog
511</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, perchild,
prefork, mpm_winnt</p>
<p>The maximum length of the queue of pending connections.
Generally no tuning is needed or desired, however on some
systems it is desirable to increase this when under a TCP SYN
flood attack. See the backlog parameter to the
<code>listen(2)</code> system call.</p>
<p>This will often be limited to a smaller number by the
operating system. This varies from OS to OS. Also note that
many OSes do not use exactly what is specified as the backlog,
but use a number based on (but normally larger than) what is
set.</p>
<hr />
<h2><a id="lockfile" name="lockfile">LockFile
directive</a></h2>
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> LockFile
<em>filename</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>LockFile
logs/accept.lock</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, perchild,
prefork</p>
<p>The LockFile directive sets the path to the lockfile used
when Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT
or USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally
be left at its default value. The main reason for changing it
is if the <code>logs</code> directory is NFS mounted, since
<strong>the lockfile must be stored on a local disk</strong>.
The PID of the main server process is automatically appended to
the filename.</p>
<p><strong>SECURITY:</strong> It is best to avoid putting this
file in a world writable directory such as
<code>/var/tmp</code> because someone could create a denial of
service attack and prevent the server from starting by creating
a lockfile with the same name as the one the server will try to
create.</p>
<hr />
<h2><a id="maxclients" name="maxclients">MaxClients
directive</a></h2>
<!--%plaintext &lt;?INDEX {\tt MaxClients} directive&gt; -->
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> MaxClients
<em>number</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>MaxClients
8</code> (with threads) <code>MaxClients 256</code> (no
threads)<br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, prefork</p>
<p>The MaxClients directive sets the limit on the number of
child processes that will be created to serve requests. When
the server is built without threading, no more than this number
of clients can be served simultaneously. To configure more than
256 clients, you must edit the <code>HARD_SERVER_LIMIT</code>
entry in <code>mpm_default.h</code> and recompile.</p>
<p>Any connection attempts over the MaxClients limit will
normally be queued, up to a number based on the <a
href="#listenbacklog">ListenBacklog</a> directive. Once a child
process is freed at the end of a different request, the
connection will then be serviced.</p>
<p>When the server is compiled with threading, then the maximum
number of simultaneous requests that can be served is obtained
from the value of this directive multiplied by <a
href="#threadsperchild">ThreadsPerChild</a>.</p>
<hr />
<h2><a id="maxrequestsperchild"
name="maxrequestsperchild">MaxRequestsPerChild
directive</a></h2>
<!--%plaintext &lt;?INDEX {\tt MaxRequestsPerChild} directive&gt; -->
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> MaxRequestsPerChild
<em>number</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a>
<code>MaxRequestsPerChild 10000</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, prefork,
perchild, mpm_winnt</p>
<p>The MaxRequestsPerChild directive sets the limit on the
number of requests that an individual child server process will
handle. After MaxRequestsPerChild requests, the child process
will die. If MaxRequestsPerChild is 0, then the process will
never expire.</p>
<p>Setting MaxRequestsPerChild to a non-zero limit has two
beneficial effects:</p>
<ul>
<li>it limits the amount of memory that process can consume
by (accidental) memory leakage;</li>
<li>by giving processes a finite lifetime, it helps reduce
the number of processes when the server load reduces.</li>
</ul>
<p><strong>NOTE:</strong> For <em>KeepAlive</em> requests, only
the first request is counted towards this limit. In effect, it
changes the behavior to limit the number of
<em>connections</em> per child.</p>
<hr />
<h2><a id="maxsparethreads"
name="maxsparethreads">MaxSpareThreads directive</a></h2>
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> MaxSpareThreads
<em>number</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>MaxSpareThreads
10 (Perchild) or 500 (threaded)</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> core<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, perchild</p>
<p>Maximum number of idle threads. Different MPMs deal with
this directive differently. Perchild monitor the number of idle
threads on a per-child basis. If there are too many idle
threads in that child, the server will begin to kill threads
within that child.</p>
<p>threaded deals with idle threads on a server-wide basis. If
there are too many idle threads in the server then child
processes are killed until the number of idle threads is less
than this number.</p>
<p>See also <a href="#minsparethreads">MinSpareThreads</a> and
<a href="#startservers">StartServers</a>.</p>
<hr />
<h2><a id="maxthreadsperchild"
name="maxthreadsperchild">MaxThreadsPerChild directive</a></h2>
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> MaxThreadsPerChild
<em>number</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a>
<code>MaxThreadsPerChild 64</code> <a
href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> core<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, perchild</p>
<p>Maximum number of threads per child. For MPMs with a
variable number of threads per child, this directive sets the
maximum number of threads that will be created in each child
process. To increase this value beyond its default, it is
necessary to change the value of the compile-time define
<code>HARD_THREAD_LIMIT</code> and recompile the server.</p>
<hr />
<h2><a id="minsparethreads"
name="minsparethreads">MinSpareThreads directive</a></h2>
<!--%plaintext &lt;?INDEX {\tt MinSpareServers} directive&gt; -->
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> MinSpareServers
<em>number</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>MaxSpareThreads
5 (Perchild) or 250 (threaded)</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> core<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, perchild</p>
<p>Minimum number of idle threads to handle request spikes.
Different MPMs deal with this directive differently. Perchild
monitor the number of idle threads on a per-child basis. If
there aren't enough idle threads in that child, the server will
begin to create new threads within that child.</p>
<p>threaded deals with idle threads on a server-wide basis. If
there aren't enough idle threads in the server then child
processes are created until the number of idle threads is
greater than number.</p>
See also <a href="#maxsparethreads">MaxSpareThreads</a> and <a
href="#startservers">StartServers</a>.
<hr />
<h2><a id="numservers" name="numservers">NumServers
directive</a></h2>
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> NumServers
<em>number</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>NumServers
2</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> perchild</p>
<p>Number of children alive at the same time. MPMs that use
this directive do not dynamically create new child processes so
this number should be large enough to handle the requests for
the entire site.</p>
<hr />
<h2><a id="scoreboardfile" name="scoreboardfile">ScoreBoardFile
directive</a></h2>
<!--%plaintext &lt;?INDEX {\tt ScoreBoardFile} directive&gt; -->
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> ScoreBoardFile
<em>filename</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>ScoreBoardFile
logs/apache_status</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Compatibility" rel="Help"></a> <a
href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, perchild,
prefork</p>
<p>The ScoreBoardFile directive is required on some
architectures to place a file that the server will use to
communicate between its children and the parent. The easiest
way to find out if your architecture requires a scoreboard file
is to run Apache and see if it creates the file named by the
directive. If your architecture requires it then you must
ensure that this file is not used at the same time by more than
one invocation of Apache.</p>
<p>If you have to use a ScoreBoardFile then you may see
improved speed by placing it on a RAM disk. But be careful that
you heed the same warnings about log file placement and <a
href="/misc/security_tips.html">security</a>.</p>
<p><strong>See Also</strong>: <a
href="/stopping.html">Stopping and Restarting Apache</a></p>
<hr />
<h2><a id="sendbuffersize" name="sendbuffersize">SendBufferSize
directive</a></h2>
<!--%plaintext &lt;?INDEX {\tt SendBufferSize} directive&gt; -->
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> SendBufferSize
<em>bytes</em><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, perchild,
prefork, mpm_winnt</p>
The server will set the TCP buffer size to the number of bytes
specified. Very useful to increase past standard OS defaults on
high speed high latency (<em>i.e.</em>, 100ms or so, such as
transcontinental fast pipes)
<hr />
<h2><a id="startservers" name="startservers">StartServers
directive</a></h2>
<!--%plaintext &lt;?INDEX {\tt StartServers} directive&gt; -->
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> StartServers
<em>number</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>StartServers
5</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, prefork</p>
<p>The StartServers directive sets the number of child server
processes created on startup. As the number of processes is
dynamically controlled depending on the load, there is usually
little reason to adjust this parameter.</p>
<p>See also <a href="#minsparethreads">MinSpareThreads</a> and
<a href="#maxsparethreads">MaxSpareThreads</a>.</p>
<hr />
<h2><a id="startthreads" name="startthreads">StartThreads
directive</a></h2>
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> StartThreads
<em>number</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>StartThreads
5</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> perchild</p>
<p>Number of threads each child creates on startup. As the
number of threads is dynamically controlled depending on the
load, there is usually little reason to adjust this
parameter.</p>
<hr />
<h2><a id="threadsperchild"
name="threadsperchild">ThreadsPerChild</a></h2>
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> ThreadsPerChild
<em>number</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>ThreadsPerChild
50</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> MPM<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, mpm_winnt</p>
<p>This directive sets the number of threads created by each
child process. The child creates these threads at startup and
never creates more. if using an MPM like mpmt_winnt, where
there is only one child process, this number should be high
enough to handle the entire load of the server. If using an MPM
like threaded, where there are multiple child processes, the
total number of threads should be high enough to handle the
common load on the server.</p>
<hr />
<h2><a id="user" name="user">User directive</a></h2>
<!--%plaintext &lt;?INDEX {\tt User} directive&gt; -->
<p><a href="directive-dict.html#Syntax"
rel="Help"><strong>Syntax:</strong></a> User
<em>unix-userid</em><br />
<a href="directive-dict.html#Default"
rel="Help"><strong>Default:</strong></a> <code>User
#-1</code><br />
<a href="directive-dict.html#Context"
rel="Help"><strong>Context:</strong></a> server config, virtual
host<br />
<a href="directive-dict.html#Status"
rel="Help"><strong>Status:</strong></a> core<br />
<a href="directive-dict.html#Module"
rel="Help"><strong>Module:</strong></a> threaded, perchild,
prefork</p>
The User directive sets the userid as which the server will
answer requests. In order to use this directive, the standalone
server must be run initially as root. <em>Unix-userid</em> is
one of:
<dl>
<dt>A username</dt>
<dd>Refers to the given user by name.</dd>
<dt># followed by a user number.</dt>
<dd>Refers to a user by their number.</dd>
</dl>
The user should have no privileges which result in it being
able to access files which are not intended to be visible to
the outside world, and similarly, the user should not be able
to execute code which is not meant for httpd requests. It is
recommended that you set up a new user and group specifically
for running the server. Some admins use user
<code>nobody</code>, but this is not always possible or
desirable. For example mod_proxy's cache, when enabled, must be
accessible to this user (see <a
href="mod_proxy.html">mod_proxy's</a> <code>CacheRoot</code>
directive).
<p>Notes: If you start the server as a non-root user, it will
fail to change to the lesser privileged user, and will instead
continue to run as that original user. If you do start the
server as root, then it is normal for the parent process to
remain running as root.</p>
<p>Special note: Use of this directive in &lt;VirtualHost&gt;
is no longer supported. To configure your server for <a
href="mod_suexec.html">suexec</a> use <a
href="mod_suexec.html#suexecusergroup">SuexecUserGroup</a>.
SECURITY: Don't set User (or <a href="#group">Group</a>) to
<code>root</code> unless you know exactly what you are doing,
and what the dangers are.</p>
<p><!--#include virtual="footer.html" -->
</p>
</body>
</html>