Should websites live in /var/ or /usr/ according to recommended usage?

According to a guide on the Linux directory structure, /usr/ is for application files, and /var/ is for files that change (I assume this means "files that belong to the applications"). Is this correct?

If this is the case then I'm a little torn between using either. A website is an application (if it's dynamic, so to speak), but in other cases it is just a collection of files used by Apache.

The default www dir lives in /var/www/, so should we follow suit by using /var/websites/ (or something similar), or choose /usr/websites/ since they could be applications?

This is a very trivial question, but it's bugging me nonetheless. For our case, I'm leaning toward /usr/web or something like that, since our websites are all applications.

Update:

This is for our company websites; it's not a shared hosting server, so we don't need to worry about separating them in /home/ or anything like that.

Answers 7

  • According to the FHS, /usr is for shareable, read-only data - not where you want to put the website. This is where you should put your code (for example Fedora does this for Wordpress). See also the web assets packaging guide for Fedora.

    /var is "variable data files. This includes spool directories and files, administrative and logging data, and transient and temporary files." -- better, but still not quite right -- but a lot of systems will use /var/www, so even if you're wrong to put it there you're in good company.

    /srv is for "site-specific data which is served by this system." -- which seems like a good match, but is much less common than /var/www.

    The other common place to put the site files is under /home -- by creating a special user called website or such, then placing the files inside that user's homedir (e.g., /home/website).



  • Websites should live in users' home directories. They're user data, should be isolated by one-user-per-site, and dynamic content should run as a separate user again, with files that the dynamic content needs to read and modify given the appropriate permissions to do so.

    Update:

    Just because it's not a shared hosting server doesn't mean that you shouldn't engage in good security practices and separate independent roles into their own security zones.
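An added example, not part of any answer on this page: a shell check for the one-user-per-site layout described in the answer above. It lists paths in a site tree that the runtime user owns or that are world-writable, outside the directories meant to be writable. The function name, the paths and the account names are assumptions.

```shell
#!/bin/sh
# Added example: audit a site tree for the one-user-per-site layout.
# Assumed layout (hypothetical names): code owned by a per-site account,
# dynamic content running as a different "runtime" account, and only a few
# named sub-directories (e.g. uploads, cache) writable by that runtime account.

# audit_site DOCROOT RUNTIME_USER [WRITABLE_DIR...]
#   DOCROOT       site root, without a trailing slash
#   RUNTIME_USER  name or numeric uid the dynamic content runs as
#   WRITABLE_DIR  sub-directories (relative to DOCROOT) it is allowed to modify
# Prints, sorted, every path outside the allowed directories that the runtime
# user owns (an owner can always chmod its own files) or that is world-writable.
audit_site() {
    docroot=$1
    runtime_user=$2
    shift 2
    allowed=$#

    # Append one "-path DIR -prune -o" clause per allowed directory, then drop
    # the original arguments so "$@" holds only the find expression.
    for dir in "$@"; do
        set -- "$@" -path "$docroot/$dir" -prune -o
    done
    shift "$allowed"

    # Symlinks always show mode 0777, so they are skipped.
    find "$docroot" "$@" \
        \( -user "$runtime_user" -o -perm -0002 \) ! -type l -print | sort
}

# Run as: sh audit_site.sh /srv/example/site www-run uploads cache
if [ "$#" -ge 2 ]; then
    audit_site "$@"
fi
```

An empty result means the runtime account can modify nothing outside the directories named on the command line.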



  • Where they live on disk matters little. It's where you want them.

    I have a symlink from /www on all my machines to where they really live, so I never have to wonder from machine to machine. Some older machines have /u0 and /u1 for user disks, and I place the web things there. Some have /home mounted directly, so they go there, but /www always points to the right place.

    I also do not put any configuration in /usr nor in /var. It goes in /local (which, you guessed it, is a symlink somewhere on /u0 or /u1 typically). This makes backing up things easy. I just back up the user disks.

    Of course, I have a master distribution site for my OS of choice, NetBSD. I make the system like I want it on this main machine (really a xen instance) and rsync /usr around. Makes my life easy.


  • The Apache web server has its default website under /var/www/, but it suggests putting other websites under /srv/.

    I noticed this on Ubuntu Server 14.04 LTS. Its default apache2.conf file contains a commented-out block:

    #<Directory /srv/>
    #   Options Indexes FollowSymLinks
    #   AllowOverride None
    #   Require all granted
    #</Directory>
    

  • In my opinion, you should NEVER, EVER put any Internet services in the common system zone.

    Your Internet services (Apache / Tomcat / SSH etc.) are a front door, so if you put those services into your system zone you'll be potentially vulnerable to some attacks.

    More so than if you had put your different services into a safe sandbox zone, like another detached partition.

    Here is an example of a structure you could use:

    / --> Root System --> On SDA1 --> Root and System security operator access only
     |
     | -->/usr /etc /var etc.
    
    /SRV --> Web Root --> On SDB1 --> Web users access with minimal rights access.
     |
     |-->/srv/bin & /srv/dta
          |
          |-->/srv/bin/apache (or any other APPLICATION Binaries)
          |-->/srv/dta/SQL (or any other APPLICATION Data like a
                            database or web PHP files etc.)
    
