jonesypeter wrote: Are there any issues with doing it this way:
sudo chown www-data:www-data /var/www
That is really not the best. There appears to be a common misconception that everything to do with the web should be owned by www-data. Actually it is quite the opposite.
The purpose of Apache running as its own user, and group, is to limit the damage that an attacker can do if there is a security flaw with it or your PHP applications. The www-data user has a shell of "nologin", no access to sudo, is not a member of any groups except its own, and does not own any files or even its own home directory /var/www. Basically it cannot write to anything except /tmp. As far as possible, you want to keep it that way.
Your web site files in /var/www/html should be owned by the user who normally edits them, which may as well be "pi". That will make maintaining the site perfectly convenient. Apache needs to be able to read the files, but it should not be able to write to them.
(Now, in some cases you may need to give www-data write access to specific subdirectories. For instance, if your web site includes a form where users can upload files, and the files are too big to simply store in the MySQL database, you may need to write them to disk. Or if part of your site is self-modifying, like a wiki, www-data will need to be able to write to that. Any writeable parts should be kept as separate as possible, and preferably not publicly visible.)
I thought sudo chown -R pi:www-data /var/www adds user pi to the www-data group??
"chown user:group …" sets the user and group ownership of files. Then you can set separate permissions for the user, group members, and others using chmod.
I do not understand how the idea of adding pi or other users to the www-data group became so pervasive. It is certainly never necessary, and I am not sure it is ever more convenient. Even in complex cases, such as wanting multiple people to be able to edit the same site, it would be better to create a dedicated group for the purpose, rather than overloading www-data.
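A read-only check for the layout described in the post above, added here as an example and not part of the original post: it lists every path under the web root that the Apache account could modify. The function name `audit_webroot` is hypothetical; `www-data` and `/var/www` are the Debian-style defaults the post refers to.

```shell
#!/bin/sh
# Added example (not from the original post).
# audit_webroot is a hypothetical helper name. Defaults assume the
# Debian-style web-server account www-data and the web root /var/www.

# Print every path under ROOT that the web-server account could modify.
# usage: audit_webroot [ROOT] [WEB_USER] [WEB_GROUP]
audit_webroot() {
    root=${1:-/var/www}
    web_user=${2:-www-data}
    web_group=${3:-www-data}

    # A path counts as writable by the server when any of these holds:
    #   1. the server account owns it (an owner can always chmod itself
    #      write access, whatever the current mode bits say);
    #   2. it belongs to the server's group and has the group-write bit (020);
    #   3. it has the world-write bit (002).
    # Symlinks are skipped: their own mode bits always read rwxrwxrwx and
    # say nothing about the target.
    find "$root" ! -type l \( \
            -user "$web_user" \
        -o \( -group "$web_group" -perm -020 \) \
        -o -perm -002 \
    \) -print
}

# Succeed only when nothing under ROOT is writable by the server account.
webroot_is_readonly() {
    [ -z "$(audit_webroot "$@")" ]
}
```

Run it as `audit_webroot /var/www`; on a site set up the way the post recommends, the only paths listed should be subdirectories that were deliberately made writable, such as an upload folder.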