httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Platt - Platt Consultants" <GregPl...@ix.netcom.com>
Subject [users@httpd] Why do I need /var/www as DocumentRoot & www-data as www owner?
Date Tue, 02 Sep 2008 19:15:00 GMT
I'm throwing in the towel on this question. I've been puzzling over how and
why Apache changed its default document root location and trying to figure
out how that would affect me for weeks now. But no matter how much research
I do the best I've been able to do is to find occasional obtuse references
to the new DocumentRoot in Apache which seems to be /var/www under server
2.x.x with NO explanation at all as to why it was changed or what I should
do with existing Domains as I migrate them to my new server. 

 

I remember someone mentioning in a post I made weeks ago that the ownerships
and permissions on my web directories seemed odd. His remarks suggested he
thought all web directories ought to be owned by www-data and have
permissions of 755. But he never explained why he thought that was true or
what he feared might happen if it WASN'T true. Nevertheless, I remember him
hinting he thought it might have long term security implications. 

 

Unfortunately he provided no references or source links to study up on this
subject and I had NO CLUE where to look for such information either. So I
made a note of his comments and concluded I would watch for information
about this in my readings and research because I figured SOMEWHERE along the
line I'd run into this again. 

 

Perhaps I should explain that on my old RedHat 7.2 server running Apache
1.2.something all web accounts and documents existed in /home/www/mydomain
or /home/www/yourdomain or /home/www/theirdomain and each account at that
level was owned by the site owner. Directories above that in the tree (e.g.
/home/www and above) were all owned by root. In many cases permissions in
the html directory and below were either 744 or 644 and had been that way
for years without causing trouble on my old dedicated server. However, the
www-data user and group did not exist there. There were secondary links to
individual web directories in the site owner's home directory (e.g.
/home/mydomain had a link to /home/www/mydomain, etc.). 

 

There was also another directory link (synonym) at the top of the directory
structure (/) named /www that linked to this same structure. Thus, doing 

 

cd /www/mydomain 

 

was equivalent to doing 

 

cd /home/www/mydomain 

 

or 

 

cd /home/mydomain/www 

 

Since I had no idea when I started setting up my new server that Apache2 on
Debian Etch made a DIFFERENT set of assumptions about where web files would
be located and who would own them, and I had a couple of dozen sites (not to
mention a long list of preconfigured software and shell scripts) that that
were built around the old www structure, I naturally started setting up my
test domains using the web directory structure I was familiar with. 

 

In fact, I already had 3 domains converted and working using that old
structure before I heard anyone even mention www-data and /var/www 

 

Up until now I could ignore the differences because I'd managed to get
everything working fine. But now I've reached a fork in the road. And I'm
not sure which way to go here or even whether I should be concerned about
this. 

 

One thing I know is I LOATH the idea of changing the basic directory
structure for all my old sites unless there's a darn good reason to do so.
If I do that, it could be YEARS before I manage to find and fix all the
configuration and setup parameters and shell scripts that will need to
change because I did so. 

 

Can someone please tell me whether I really NEED to be worrying about this?
And if making this change in all my existing sites and scripts and software
apps is desirable to improve security (i.e. if the move to the new www-data
and /var/www is important), please tell me WHY it is. Truthfully, I don't
doubt the person who suggested this. I just don't understand why this change
is so important or what I gain by making it. 

 

Can YOU explain the reasons for this shift and clarify how Apache 2.x.x now
assumes things should be set-up and can you tell me why it's important? Or,
can you advise me on what to do here based on your own experience? 

 

Thanks!


Mime
View raw message