To be sure what it is really set to, check the actual configuration files.
The umbrella file, apache2.conf will have something like the following,


Thats is a reference to environment variables set in /etc/apache2/envvars
mod_suexec also allows scripts to be run as yet a different user and group.

To find any virtual hosts which may use alternate users, groups or both, again, check the configurations.
$ egrep "^User|^Group|^SuexecUserGroup" /etc/apache2/apache2.conf /etc/apache2/sites-available/*.conf