Hello all. I've heard that you should not have many services running as root especially apache because you can become rooted. When I issue a top command it shows the user of apache as root. In my httpd.conf it shows the user and group as apache. Why does the top command show root as the user of a lot of services running? Is this normal or is something messed up here?

Well, for one since certain capabilities (privileges) are bound to the "root" user, like being able to bind to ports below 1024. In your example, to be able to bind to port 80/TCP httpd has to be started as root. After the socket is set up and the socket bound to port 80/TCP, httpd will fork off "worker" threads to handle incoming connetcions etc etc.

Try running "ps" again, for instance as "/bin/ps ax -eo uid,euid,gid,egid,pid,args f". Showing output in "forest mode" prefixed with (e)uid/gid stuff. You should see the "main" httpd thread running as uid/gid root and the "worker" threads as the apache uid/gid.
The "main" thread doesn't interface with the network or users but instead delegates worker threads to do fulfill those tasks.

Thanks unSpawn. I got a little paranoid but you've calmed my nerves. Better safe then sorry right.