====== Processes and Users on a Web Server ======

This section describes the various parties that act on a web server. This background knowledge is helpful if any permissions or login data do not work.

  * The **operating system** on the server (usually Linux or Windows) controls which users may access which files in the local file system. The users here are not persons, but processes (programs).
  * The **web server** (usually Apache or IIS) is a program that runs on the operating system. In order not to endanger the security of the operating system, the web server usually acts with the restricted rights of a special user (e.g. www, webserver, IUSR).The web server's task is to deliver files from the local file system to users on the Internet or intranet via a network protocol (e.g. HTTP).
  * **PHP** is a module that the web server falls back on when it has to deliver PHP scripts. The PHP scripts are first executed by PHP and then the result is delivered. PHP usually (not always) acts under the same username as the web server.
  * The **Database Server** is another program that runs on the operating system. It contains several databases, which in turn contain database tables. These tables are comparable to the sheets in an Excel spreadsheet. The database makes its data available (e.g. via the SQL protocol) to other programs (e.g. the web server).
  * Accesses to the database are controlled via **Database Users**. In the case of a MySQL database, these users identify themselves by an user name and password. Note that database users are often independent of operating system users. The operating system user "root" can therefore use a different password than the database user "root", for example.
  * To maximize the confusion, the web server also knows its own **web server users**. The most common user is the anonymous Internet surfer who sends a request to the web server. The web server then decides whether the web server user is allowed to access the requested resource - possibly asking for username and password, checking whether the server is from a certain IP range (e.g. the intranet) or can identify itself by a domain identifier.