
Ensure the Apache User Account Has an Invalid Shell

Details

The apache account must not be used as a regular login account, and should be assigned an invalid or nologin shell to ensure that the account cannot be used to log in.

Rationale:

Service accounts such as the apache account represent a risk if they can be used to get a login shell to the system.

Solution

Change the apache account to use the nologin shell or an invalid shell such as /dev/null:

# chsh -s /sbin/nologin apache

Default Value:

The default Apache user account is daemon. The daemon account may have a valid login shell or a shell of /sbin/nologin depending on the operating system distribution version.
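The following audit check is an added example, not part of the benchmark text. It reads the User directive from a configuration file, falls back to the default daemon account when none is set, and reports whether that account's shell is nologin or /dev/null. The function names, exit codes and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit the shell of Apache's run account.

# Last "User" directive in config file $1 (directive names are case-insensitive).
apache_run_user() {
    awk 'tolower($1) == "user" { u = $2 } END { print u }' "$1"
}

# Shell field (7th) of account $1 in passwd-format file $2; fails if absent.
account_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; f = 1; exit } END { exit !f }' "$2"
}

# Exit 0 = compliant, 1 = login shell present, 2 = could not decide.
check_apache_shell() {
    user=$(apache_run_user "$1")
    [ -n "$user" ] || user=daemon   # default run account per the text above
    case "$user" in
        # ${VAR} references and numeric "#uid" values need manual resolution.
        '$'*|'#'*) echo "UNKNOWN: cannot resolve User $user"; return 2 ;;
    esac
    shell=$(account_shell "$user" "${2:-/etc/passwd}") || {
        echo "UNKNOWN: no passwd entry for $user"; return 2; }
    case "$shell" in
        */nologin|/dev/null) echo "PASS: $user shell is $shell"; return 0 ;;
        '') echo "FAIL: $user has an empty shell field (defaults to /bin/sh)"; return 1 ;;
        *)  echo "FAIL: $user shell is $shell"; return 1 ;;
    esac
}

# Constructed sample input, not real system files.
demo() {
    d=$(mktemp -d)
    printf 'ServerRoot "/etc/httpd"\n#User nobody\nUser apache\nGroup apache\n' > "$d/httpd.conf"
    printf 'root:x:0:0:root:/root:/bin/bash\napache:x:48:48:Apache:/usr/share/httpd:/bin/bash\n' > "$d/passwd.bad"
    printf 'apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin\n' > "$d/passwd.good"
    check_apache_shell "$d/httpd.conf" "$d/passwd.bad"
    check_apache_shell "$d/httpd.conf" "$d/passwd.good"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On a live system, call check_apache_shell with the path to the server's main configuration file; the second argument defaults to /etc/passwd.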

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Unix.


Updated on July 16, 2022