Run Apache as Local User – Windows XP

Problem

You are creating an application that sends data or shall we say prints data to a shared printer over the network. On an regular setup, Apache runs as a service by the System User which does not have network access. When you tried to access network resources like shared printers, it does not allow you to add print job because of lack of privileges.

Solution

Run Apache as Local User

When you install Apache 2.2 in Windows XP, it will install as a service by default, using the System User account. The System User account has many privileges such as read/write access to files on all folders, however, it does not have network access.

You can actually find the steps here: http://httpd.apache.org/docs/2.2/platform/windows.html#winsvc

But to explain in on more simple terms, here we go:

1. Create an ordinary user account, ex: wwwuser. Make sure it is a member of Users group. Don’t make it a member of Administrator or any high privilege groups.

2. Add privilege Log on as a service and Act as part of the operating system by going to Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment. Look for Log on as a service and Act as part of the operating system entries from the list, open it and add the newly created user into it, ex: wwwuser.

3. Grant Read and Execute (RX) to the whole Apache2.2 directory to this user, ex: wwwuser.

4. Grant Read, Write, Change and Execute (RWXD) to Apache log directory.

5. Stop apache: go to Control Panel -> Administrative Tools -> Services. Look for Apache and stop the service.

6. Right-click Apache on the list -> click Properties. Go to Logon tab, then configure the account for Apache to run. Be sure to enter the correct username and password.

7. Start Apache. Be sure that you grant Read/Write/Change access to folders that your PHP application is using to write files such as Cache directory and the like.

Enjoy

This entry was posted in Apache and tagged , , , , , . Bookmark the permalink.

Related Posts

10 Responses to Run Apache as Local User – Windows XP

  1. Renato says:

    I tried do this but when i start the service it says “windows could not start the Apache…”

  2. lysender says:

    Hey, check your error logs.

  3. Ian says:

    Wow thank you. I tried the instructions at the apache website and I think they left out step 6. They also say to grant the user executable permissions on httpd.exe which I couldn’t find. It’s called apache2.exe I think. Also I completely missed that the users group already has x permissions on apache2.exe and added my user too. I was also using my regular user account and it may be more secure to do as you did and create a completely new www user for this.

    So glad I found this article.

  4. scott chu says:

    I follow these steps on my Windows 7 but when I run ‘sc start apache2.2’. It has errors as follows:
    SERVICE_NAME: apache2.2
    TYPE : 10 WIN32_OWN_PROCESS
    STATE : 2 START_PENDING
    (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x2
    WAIT_HINT : 0x7530
    PID : 4336
    FLAGS :

  5. scott chu says:

    I find the solution. You have to assign the user as member of group ‘Administrators’.

  6. Pingback: Issue with Apache folder and file permissions – Blog SatoHost

  7. Michael says:

    Hi Sir,
    Great article. It help me.
    The 3 step, I using below command line and working well ( server 2008 R2 )
    icacls “D:\wamp\apache” /grant “run_apache”:(OI)(CI)RX /T
    But the step 4, I using:
    icacls “D:\wamp\apache\logs” /grant “run_apache”:(OI)(CI)RWXD /T
    it show me an error message like this —- Invalid parameter “run_apache:(OI)(CI)RWXD”
    Dear Sir, could you mention me what’s wrong with it and how to fix it?
    Thank you!

  8. Michael says:

    icacls “D:\wamp\apache\logs” /grant “run_apache”:(OI)(CI)RXWD /T

    use RXWD instead of RWXD it works

    Thank you.

  9. Michael says:

    By the way, if I change the DocumentRoot to “D:/wamp/www”
    www folder do not location in Apache folder, do I need grant the new account permission for the www folder?
    Thank you.

  10. lysender says:

    @Michael, I have a very limited knowledge on Windows setup right now so I may not be able to help you with Windows specific issues. I would rather spin up a Linux VM just to avoid the whole Windows stuff 😀

Leave a Reply

Your email address will not be published. Required fields are marked *