Debian Tutorials

Debian Tutorials

Step by step tutorials showing you how to install and configure various applications and services on Debian based Linux distros.

January 2021
« Apr    


Running Apache2 virtual hosts as different users with mpm-itk

Ástþór IPÁstþór IP
Please note! This tutorial is outdated and won’t work on the latest Debian releases. Here’s a detailed tutorial on how to set up LAMP on Debian Linux 9 (Stretch): How to set up a web server (LAMP) on Debian 9 (stretch)


This tutorial has been tested on the following Linux distributions:

Debian Linux 7 (Wheezy)
Debian Linux 6 (Squeeze)
Debian Linux 5 (Lenny)

Last updated:
7th of April 2018

apache2-mpm-itk is an MPM (Multi-Processing Module) for the Apache web server. mpm-itk allows you to run each of your vhost under a separate uid and gid — in short, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts.

1. Install the apache2-mpm-itk package

apt-get install apache2-mpm-itk

2. Configure user and group for each virtual host by adding the following line somewhere between <VirtualHost *:80>…</VirtualHost>

AssignUserId [user] [group]

Replace [user] and [group] with a username and group name that already exists on the system.

3. Change the owner of the web root

chown [user].[group] [location]

Replace [user] and [group] with the username and group name configured on the virtual host. Replace [location] with the location specified as DocumentRoot for the virtual host, eg. /var/www

4. Make sure the location isn’t accessible by other users (optional)

chmod o= [location]

Replace [location] with the location specified as DocumentRoot for the virtual host, eg. /var/www

5. Restart apache

/etc/init.d/apache restart

Comments 1
  • d43m
    Posted on

    d43m d43m


    Do you think it is possible to have Apache access folders and files owned by different users ? I have user 3 different users that don’t have root access, they have their webfolders in /var/www/$USERNAME, and apache should have access to those files without any chmoding and chowining from them …