[PLUG] Ownership of /var/www on Ubuntu 8.04

Carlos Konstanski ckonstanski at pippiandcarlos.com
Tue Nov 25 22:36:35 UTC 2008 

On Tue, 25 Nov 2008, Richard C. Steffens wrote:

> Date: Tue, 25 Nov 2008 14:22:07 -0800
> From: Richard C. Steffens <rsteff at comcast.net>
> Reply-To: "General Linux/UNIX discussion and help;	civil and on-topic"
>     <plug at lists.pdxlinux.org>
> To: PLUG List <plug at lists.pdxlinux.org>
> Subject: [PLUG] Ownership of /var/www on Ubuntu 8.04
> 
> I installed Apache with synaptic on my Ubuntu Hardy system and have get
> "It works!" page when I surf to localhost localhost. I find the file
> that produces "It works!" in /var/www/index.html. The current ownership
> of /var/www is root:root. Should I change that to root:(some-web-group)
> and add myself to the group, or is there a another preferred approach to
> allowing myself to edit files for my local web site?
>
> -- 
> Regards,
>
> Dick Steffens

There are probably a lot of different answers to this question.  My
answer is to never use the default apache DocumentRoot directly.
Instead, I always make VirtualHost directives that point to
DocumentRoots that lie deeper than /var/www.  For instance, here is my
"default" web location on my workstation:

<VirtualHost *:80>
     ServerName sphinktoo.pippiandcarlos.com
     ServerAdmin ckonstanski at pippiandcarlos.com
     DocumentRoot "/var/www/html/site/sphinktoo.pippiandcarlos.com"
     <Directory "/var/www/html/site/sphinktoo.pippiandcarlos.com">
         Options Indexes Includes FollowSymLinks ExecCGI
         AllowOverride Limit
         Allow from all
         Order allow,deny
     </Directory>
</VirtualHost>

In gentoo, you get /var/www/html for free.  I built the rest of the
path.  /var/www/html is still owned by root on my system.  So is
/var/www/html/site.  (There is a /var/www/html/users that gentoo
provided for UserDir, but I have that disabled.  I created the site/
directory so that this directory level would remain uncluttered.)
/var/www/html/site/sphinktoo.pippiandcarlos.com is the first directory
in this tree that is owned by a normal user.

I like this aproach because you might want to put other things in
/var/www/html (or the equivalent on your system), like a cgi-bin
directory, a webdav permissions directory, or a subversion repo.  I
would keep this from being browseable.

Carlos Konstanski

More information about the PLUG mailing list