Web folder in linux

Where should the web server root directory go in linux? [closed]

Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.

I see that Apache and Nginx both use var/www as their web root — but that directory is not covered in the Filesystem Hierarchy Standard. I also see some servers with the web root in the /home/username/www directory. So where does the web root go? Or rather, where should it go most of the time for the common web server?

3 Answers 3

Many SysAdmins use non-standard paths in order to avoid an easy-to-guess path in case of attacks.

If you are building an Internet web server I suggest considering a non-standard path.

hmmm.. good point. I wonder how much help that would actually be in an attack. Kind of like switching the SSH port from 22. Should I create a root level nonstandard path like /www-data or just add to an existing path like /srv/www-data/ ?

Putting SSH on a different port does not save you from a nmap portscan: in a few minutes nmap can guess the ssh port. Using non-standard path such as /MyData/WebSites/sitename01, /MyData/WebSites/sitename02 and so on can save you from various kind of vulnerability attacks that try to run or read some files using a relative path. If you take a look at a apache logfile, you can see some attacks using relative paths such as ../../../etc/passwd. That said, there is no silver bullet in security.

This is just security by obscurity. If somebody has enough access to your server to be able to read, or worse, modify arbitrary files on your server, the web root is the thing you should worry least about.

Distros use /var/www because it is for «transient and temporary files». The files installed there are just for checking if the server is working. After that, you can safely delete the folder.

But /var/www is not where you are supposed to install your own web source files. There is an argument to be made for using /usr/local/ if the web site files are static, but the most appropriate place is in /srv/ or /srv/www/ . Notably, your OS should never write to /usr/local or /srv , so they are both safe places for your own shared files. But /srv is for «data for services provided by this system», which is exactly what web source code is.

Now that you’ve bumped a six year old, answered, question. you might as well put in the effort to link to some references to back your posit — LFH, man hier , etc.

As described above and in the Filesystem Hierarchy Standard link, /srv is the standard directory on Unix-like systems for storing files used by system services. If you don’t have a directory called /srv . you can create one, but your system may have some other, OS-specific place for this. /srv is present on RedHat and Debian based systems, which is like 99% of Linuxes.

by default most of Linux Flavors use

Linked

Related

Hot Network Questions

Site design / logo © 2023 Stack Exchange Inc; user contributions licensed under CC BY-SA . rev 2023.7.14.43533

By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.

Источник

The right folder permissions for a website on a Linux server

Say you have a website running on Linux. What are the correct permissions for the folder that contains the HTML, CSS, images, JavaScript files and so on?

This is something that has been bugging me since my day one of web development. In this article I want to sort it out for good.

Prerequisites

The website is stored in a Linux server like Ubuntu, and it is run by a web server like Apache or Nginx. You are the project owner and the sole user responsible for maintaining it.

The site is made of static content like CSS, images, HTML pages as well as some dynamic content generated by the web server on the fly — for example, a PHP script that manages file upload. So the web server needs to read the static content in order to display it to the public, as well as write data into the site folder as instructed by the script files.

Finally, let’s pretend your user is called john , the website folder is located in /var/www/my-website.com/ and the web server belongs to the www-data user group.

Set the folder permissions

Your user will be the owner of the website directory and will have full read, write and execute permissions. The web server will be the group owner and initially will have read and execute permissions, except for some folders where it will have write access. No one else will be allowed to mess around with the whole website directory.

To get started, login into your server and run the four commands below.

1: set your user as the owner

chown -R john /var/www/my-website.com/ 

This command sets john as the owner of every file and folder inside the directory ( -R stands for recursive).

2: set the web server as the group owner

chgrp -R www-data /var/www/my-website.com/ 

This command sets www-data as the group owner of every file and folder inside the directory. Recursive mode, as above.

3: 750 permissions for everything

chmod -R 750 /var/www/my-website.com/ 

The third command sets the permissions: read, write and execute (7) for the owner (i.e. you), read and execute (5) for the group owner (i.e. the web server), zero permissions at all (0) for others. Once again this is done on every file and folder in the directory, recursively.

4: new files and folders inherit group ownership from the parent folder

chmod g+s /var/www/my-website.com/ 

The last command makes all files/folders created within the directory to automatically take on the group ownership of the parent folder, that is your web server. The s flags is a special mode that represents the setuid/setgid. In simple words, new files and directories created by the web server will have the same group ownership of my-website.com/ folder, which we set to www-data with the second command.

When the web server needs to write

If you have folders that need to be writable by the web server, you can just modify the permission values for the group owner so that www-data has write access. Run this command on each writable folder:

chmod g+w /var/www/my-website.com/

For security reasons apply this only where necessary and not on the whole website directory.

Источник

How to change apache2 web folder in Ubuntu

The web server of Apache is the most popular way to deliver web content. It serves over half of all active websites in the Internet and is extremely powerful and flexible.
Apache divides its features and components into separate units, which can be independently customized and set up. A virtual Host is called the basic unit describing a single site or domain. Virtual hosts allow one server, through a matching system, to host several domains or interfaces. This is important for those who want to host more than one VPS site.
Each configured domain will direct the visitor to a certain directory that contains information on this website without indicating that the same server is also responsible for other websites. This scheme can be expanded without software limits provided the traffic of all the sites is handled by your server.

*To modify the document root of Apache, you must alter the files apache2.conf and 000-default.conf.

Apache is installed in the /var/www/html directory.

This is the default Apache root directory.

Either modify the Apache root directory or relocate the project to /var/www/html.

To change apache2 web folder follow below steps.

Step.1 access putty

Step.2 .To change Apache’s root directory

#cd /etc/apache2/sites-available

Step.3 Then open the 000-default.conf file

Step.4 Edit the DocumentRoot option mentioned at the above screenshot.
DocumentRoot /var/www/my/html/change folder.

Step.5 Then restart the apache server:

#sudo service apache2 restart

I am hoping that you are familiar with how to alter the apache2 web folder.

Источник