I'm throwing in the towel on this question. I've been puzzling over how and why Apache changed its default document root location and trying to figure out how that would affect me for weeks now. But no matter how much research I do the best I've been able to do is to find occasional obtuse references to the new DocumentRoot in Apache which seems to be /var/www under server 2.x.x with NO explanation at all as to why it was changed or what I should do with existing Domains as I migrate them to my new server.
I remember someone mentioning in a post I made weeks ago that the ownerships and permissions on my web directories seemed odd. His remarks suggested he thought all web directories ought to be owned by www-data and have permissions of 755. But he never explained why he thought that was true or what he feared might happen if it WASN'T true. Nevertheless, I remember him hinting he thought it might have long term security implications. Unfortunately he provided no references or source links to study up on this subject and I had NO CLUE where to look for such information either. So I made a note of his comments and concluded I would watch for information about this in my readings and research because I figured SOMEWHERE along the line I'd run into this again. Perhaps I should explain that on my old RedHat 7.2 server running Apache 1.2.something all web accounts and documents existed in /home/www/mydomain or /home/www/yourdomain or /home/www/theirdomain and each account at that level was owned by the site owner. Directories above that in the tree (e.g. /home/www and above) were all owned by root. In many cases permissions in the html directory and below were either 744 or 644 and had been that way for years without causing trouble on my old dedicated server. However, the www-data user and group did not exist there. There were secondary links to individual web directories in the site owner's home directory (e.g. /home/mydomain had a link to /home/www/mydomain, etc.). There was also another directory link (synonym) at the top of the directory structure (/) named /www that linked to this same structure. Thus, doing cd /www/mydomain was equivalent to doing cd /home/www/mydomain or cd /home/mydomain/www Since I had no idea when I started setting up my new server that Apache2 on Debian Etch made a DIFFERENT set of assumptions about where web files would be located and who would own them, and I had a couple of dozen sites (not to mention a long list of preconfigured software and shell scripts) that that were built around the old www structure, I naturally started setting up my test domains using the web directory structure I was familiar with. In fact, I already had 3 domains converted and working using that old structure before I heard anyone even mention www-data and /var/www Up until now I could ignore the differences because I'd managed to get everything working fine. But now I've reached a fork in the road. And I'm not sure which way to go here or even whether I should be concerned about this. One thing I know is I LOATH the idea of changing the basic directory structure for all my old sites unless there's a darn good reason to do so. If I do that, it could be YEARS before I manage to find and fix all the configuration and setup parameters and shell scripts that will need to change because I did so. Can someone please tell me whether I really NEED to be worrying about this? And if making this change in all my existing sites and scripts and software apps is desirable to improve security (i.e. if the move to the new www-data and /var/www is important), please tell me WHY it is. Truthfully, I don't doubt the person who suggested this. I just don't understand why this change is so important or what I gain by making it. Can YOU explain the reasons for this shift and clarify how Apache 2.x.x now assumes things should be set-up and can you tell me why it's important? Or, can you advise me on what to do here based on your own experience? Thanks!
