> Comparing the old servers to the new one, the old servers running apache
> 2.2.22 have multiple apache processes running as root, the rest as UIDs of
> the users they're accessing.  The new server running apache 2.4.7 only has
> 1 apache process running as root, the rest as the www-data user.  Does this
> sound right?

It's a bit of an illusion. They do have the setuid/setgid capabilities
(although those are restricted somewhat by seccomp), so they are in a sense
closer to root than www-data, even though the latter is what's displayed.

> The old servers are configured to run as www-data even though
> no processes are actually running as that.

For mpm-itk under Apache 2.2.x, the User/Group setting only means the default
uid/gid for when you don't set AssignUserID for a vhost.