I've tinkered with running a website using Apache on Linux for a few
years now, but in my earlier days, I was a little naive and didn't pay
too much attention to permissions.
Now that I'd like to host a very small site on a home server, I'm trying
to take security seriously. I know I could easily use GoDaddy hosting,
but this will pretty much be a static page blog that I'm sure no one
will ever visit anyway. Also, it gives me the opportunity to learn.
In the past, I've always configured my virtual host to use a folder in
my home directory. I've read that this is better practice, and it's
always been easier than changing permissions for /var/www, but one
problem with this is that the www-data user does not have permission to
this folder.
I've been experimenting the last couple of days with giving ownership of
/var/www to www-data and adding myself to the www-data group, but I've
had a few hiccups (I'm sure I'm not doing everything correctly).
I've decided an easier route would be to keep the root web directory in
my home folder, but change the user that runs Apache to myself. I've
done some searching to see if this is recommended against, but really
haven't been able to find too much about the issue in general.
Is this something that anyone else does on a public server? There won't
be anything hosted on it that would concern me security wise, but it's
always nice to know things are as secure as I can make them.
Thanks in advance!
--
Noah Duffy
noahdu...@fastmail.fm
ASCII ribbon campaign ( )
against HTML e-mail! X
/ \
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
