From: Noah Duffy
To: users@httpd.apache.org
Date: Wed, 07 Aug 2013 14:31:11 -0500
Subject: [users@httpd] Changing the User Which Runs Apache

I've tinkered with running a website using Apache on Linux for a few years now, but in my earlier days, I was a little naive and didn't pay too much attention to permissions. Now that I'd like to host a very small site on a home server, I'm trying to take security seriously. I know I could easily use GoDaddy hosting, but this will pretty much be a static page blog that I'm sure no one will ever visit anyway. Also, it gives me the opportunity to learn.

In the past, I've always configured my virtual host to use a folder in my home directory. I've read that this is better practice, and it's always been easier than changing permissions for /var/www, but one problem with this is that the www-data user does not have permission to this folder. I've been experimenting the last couple of days with giving ownership of /var/www to www-data and adding myself to the www-data group, but I've had a few hiccups (I'm sure I'm not doing everything correctly).

I've decided an easier route would be to keep the root web directory in my home folder, but change the user that runs Apache to myself. I've done some searching to see if this is recommended against, but really haven't been able to find too much about the issue in general. Is this something that anyone else does on a public server? There won't be anything hosted on it that would concern me security-wise, but it's always nice to know things are as secure as I can make them.

Thanks in advance!

--
Noah Duffy
noahduffy@fastmail.fm
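
An added example, not part of the original message: a Python check for the trade-off the message describes. Using classic owner/group/other mode bits only, it reports which directories stop a given account from reaching a document root and which entries under it that account could write. The function names, the script name and the sample path in the usage comment are assumptions made for this illustration.

```python
import os, sys, pwd, grp
from pathlib import Path

def rwx_bits(st, uid, gids):
    """Classic owner/group/other selection; ACLs and root's bypass are ignored."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit_docroot(docroot, uid, gids, top="/"):
    """Report what the account (uid, gids) is blocked from, cannot read, and can write."""
    docroot, top = Path(docroot).resolve(), Path(top).resolve()
    report = {"blocked": [], "unreadable": [], "writable": []}
    # Reaching docroot needs search (x) permission on every directory from top down.
    chain = [docroot] + [p for p in docroot.parents if p == top or top in p.parents]
    for d in reversed(chain):
        if not (rwx_bits(d.stat(), uid, gids) & 1):
            report["blocked"].append(str(d))
    entries = [docroot]
    for root, dirs, files in os.walk(docroot):
        entries += [Path(root) / n for n in dirs + files]
    for p in entries:
        if p.is_symlink():
            continue  # symlink targets are out of scope for this check
        bits = rwx_bits(p.stat(), uid, gids)
        need = 5 if p.is_dir() else 4  # r+x to list a directory, r to serve a file
        if (bits & need) != need:
            report["unreadable"].append(str(p))
        if bits & 2:
            report["writable"].append(str(p))  # a static site needs none of these
    return report

def account_ids(username):
    """Resolve a local account name to (uid, set of gids) via passwd/group."""
    pw = pwd.getpwnam(username)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if username in g.gr_mem}
    return pw.pw_uid, gids

if __name__ == "__main__":
    # Hypothetical usage: python3 audit_docroot.py /home/me/site www-data
    docroot, user = sys.argv[1], sys.argv[2]
    uid, gids = account_ids(user)
    for kind, paths in audit_docroot(docroot, uid, gids).items():
        print(f"{kind}: {len(paths)}")
        for path in paths:
            print("  ", path)
```

Running it once for www-data and once for the personal account shows the difference between the two setups: the personal account owns, and can therefore write, the files under its own home directory, while a separate service account can be limited to read-only access.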