Local webserver files on home partition instead of root

I’ve setup a LAMP environment to test and develop locally with wordpress.

With the default settings, the main webserver folder is located at /srv/www/htdocs/, that contains in example, phpMyAdmin and wordpress main folders.

I find it a bit unhandy, for a couple of reasons: the first one is of permissions (whenever I want to manually change something, I must get admin privileges), the second is that my home folder has a different backup schedule of the root (these folders are better classified as “user content” instead of “system files”).

I only use this to work locally, mainly for testing; nobody else is supposed to access all of this externally.

My questions are:

Is it possible (and advisable) to move these folders somewhere inside my home partition? Are there any drawbacks or generally some things that I should consider when doing this?
And how can I correctly change this setup?

Advisable? Depends on what you as a developer prefer, matter of taste.

Can it be done? Yes, use Yast’s http module and enable mod_userdir. Make sure the configs for vhosts are changed accordingly.

Best thing is of course to use a different user for your web adninistration. That is different from root (so no need to use root for managing in /srv, etc.) and different from “normal end-users” that use their userid for banking, listening music, reading writing e-mail, etc.

Make that user’s primary group www, that is the same group that your Apache server uses at run time. /srv, etc. should all be owned by that user and group www.

User and group ownership of prcosesses and files and file permissions should be understood and used as they were invented for to your advantage. And not seen as things that hamper your system/website/user data managing.

Not realy connected to my advice above.

In your apache configuration there is something like

DocumentRoot "/srv/www/htdocs"

You can change that to whatever path on your system you like. But:
a) it must exist (and even better when it contains web pages);
b) it’s permissions (and those of all the directories in the path leading to it) must enable the apache server processes (that run by deafult under wwwrun:www) to at least read the files in it.

Also, you can add other document pathes to your apache config. I have e.g.

Alias /milweb/ "/home/henk/milweb/"

<Directory "/home/henk/milweb">
 Options Indexes
 AllowOverride None
 Order deny,allow
 Deny from all

which serves web-files in /home/henk/milweb (you guess it: in “my” home directory) to the clients when they access domainname.hostname/milweb/…

Hope this helps to trigger your fantasy.

I’ve tried to add this alias

Alias /Web/ "/home/stefano/Web/"

<Directory "/home/stefano/Web">
 Options Indexes
 AllowOverride None
 Order deny,allow
 Deny from all

and ./Web has the folliwing attributes:

$ ls -l | grep Web
drwxrwxr-x  3 stefano www   4096 22 lug 19.37 Web

but it doesn’t work; when I try to start the webserver, I get this error

Job for apache2.service failed. See "systemctl status apache2.service" and "journalctl -xn" for details.

And? What does that tell you (and maybe us when you post it)?

Something for your consideration…

You’re not alone feeling Apache is a matter of overkill when you’re just trying to deploy a personal Development server for your personal use.

Most people I know (besides myself) typically look for Apache alternatives when developing. Apache can be slow to load, requires an enormous amount of overhead (possibly related to reserved resources for database connections) and may be difficult to modify default structures.

I’d recommend for instance nodejs as an “instant on and minimal resources required” alternative which is one way of deploying a website “anywhere” including in a /home directory or partition (really. No restrictions where which makes something like this ideal for Development).

For an introduction and how to install nodejs on openSUSE I created a Wiki page

Once nodejs is installed,
You simply place a webserver configuration file in your website root and call it from a console.
An example is this config file which I often use for static websites, just follow the comments in the file to invoke.

Now, wordpress is vastly more complicated to set up than a static website, but it seems that just late this past year there seems to have been a big effort to port Wordpress to nodejs (You can Google “nodejs wordpress” to read the blogs).
Inspecting the nodejs repo, it looks like there are hundreds of Wordpress nodejs packages.
Probably the place to start is to look for a package which will automatically retrieve all necessary Wordpress dependencies and install the basic Wordpress framework. I’d expect that after that is installed, you should then be able to import your existing website.
Searching the nodejs as follows returns several hits, there might be blogs with full instruction also. Place higher consideration on packages which mention something like Gulp or Grunt which are well known javascript task and workflow managers (useful for scripting the install and setup).

npm search wordpress deploy

This is one package which might get you started

This is so new,
I of course haven’t actually tried this but if you decide to go down this path you should be able to deploy a Wordpress(or most any other) website anywhere on your system. I assume that you have no current experience with nodejs which would likely mean an additional learning curve, but you might find that this is really beneficial for the long term if you develop web content regularly.


I’ve managed to solve this.

Apache is already configured to serve a particular directory in every user’s home.

Any file put in /home/<username>/public_html/ is accessible from http://localhost/~<username>/

Of course all the ownerships and permissions should be correctly set.

Source: https://wiki.archlinux.org/index.php/Apache_HTTP_Server#User_directories

Yes, but that feature is known to be unsecure.

My ISP offered it on their system to all subscibers. They moved the subscribers (thus also my) web-sites to a different path for security reasons.

Can you explain to me how it is insecure? What are the risks?

I’ve only installed wordpress on my laptop for personal testing purposes, and those sites are only available to me (they aren’t residing on an external server). Are there security risks even this way?

No I can’t. My ISP’s message was that it has security risks and that they thus stopped using it (it was somethiing like domain.home/~uname/ it now is uname/home/domain.host/, so all is in the domain path).

I can however imagine that inside a user’s home directory, where (s)he can make all sorts of adaptions like permision changes and links to and from the published files, there is a chance to create security holes.

In any case, it was the reason that I did not advise it to you. But you know your own environment best. When it is purely local to our LAN or even to your system (blocking other access in your apache config and/or your firewall) security assessment will give another result.

OTOH, never forget that most stupid actions breaking your system are self inflicted. So take precautions against your very self. My first advice was based on that.

Of course not. I assume you run the webserver listening on only, like I do. If you run the webserver listening to the whole world, theoretically an intruder could exploit vulnerabilities, but hey.