I use a small netbook to run a web crawler, and it uses Lubuntu with minimal applications. I have definitely never installed apache on this machine. ps is showing it running as root user as well as my user ID. I uninstalled it and the process is gone. But why was it there to begin with?
Does your web crawler run as a non-root user and not in sudoers? Does sudoers allow passwordless sudo? Could it be the crawler hit a malicious URL designed to trick crawlers into executing commands or code using a parsing <i>bug</i>?<p>Or by chance does your crawler or some other package have a web UI that utilizes Apache <i>as a dependency</i> but you perhaps have always used the CLI? By default apache should not be running as root. There should be an suexec in the configuration file and the child processes should be running as a non-root service account. Are there any comments <i>possibly left by a script</i> in the config?<p>Do you have package installation logs in /var/log somewhere? I dont use the Ubuntu variants so not sure which log this would be. Maybe <i>/var/log/apt/?</i> or <i>/var/log/dpkg.log</i> or maybe there are entries in <i>/var/log/messages?</i> Packages installed just prior to or just after apache2 may give some clues as to what pulled it in as a dependency.
Why it’s running as root: to bind to port 80 (any port < 1024) it needs root privileges.<p>As toast0 said, you’ll see multiple processes with different users.<p>Why it was there I don’t know :)