Do not run Apache as yourself. If it (or any application it runs as a module - like PHP if you use mod_php) is compromised, it will be able to modify your personal files. Most people run apache as www-data (or similar) in a dedicated directory.
Check out how the default configuration of apache works on Debian/Ubuntu. They run as the user www-data and have the correct permissions set on the /var/www folder. If you add yourself to the www-data group, you may need to log out and log in again for it to take effect. On Wed, Aug 7, 2013 at 3:31 PM, Noah Duffy <noahdu...@fastmail.fm> wrote: > I've tinkered with running a website using Apache on Linux for a few > years now, but in my earlier days, I was a little naive and didn't pay > too much attention to permissions. > > Now that I'd like to host a very small site on a home server, I'm trying > to take security seriously. I know I could easily use GoDaddy hosting, > but this will pretty much be a static page blog that I'm sure no one > will ever visit anyway. Also, it gives me the opportunity to learn. > > In the past, I've always configured my virtual host to use a folder in > my home directory. I've read that this is better practice, and it's > always been easier than changing permissions for /var/www, but one > problem with this is that the www-data user does not have permission to > this folder. > > I've been experimenting the last couple of days with giving ownership of > /var/www to www-data and adding myself to the www-data group, but I've > had a few hiccups (I'm sure I'm not doing everything correctly). > > I've decided an easier route would be to keep the root web directory in > my home folder, but change the user that runs Apache to myself. I've > done some searching to see if this is recommended against, but really > haven't been able to find too much about the issue in general. > > Is this something that anyone else does on a public server? There won't > be anything hosted on it that would concern me security wise, but it's > always nice to know things are as secure as I can make them. > > Thanks in advance! > > -- > Noah Duffy > noahdu...@fastmail.fm > > ASCII ribbon campaign ( ) > against HTML e-mail! X > / \ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
