I'm going absolutely crazy trying to understand how I should be setting up permissions and ownership for my virtual hosts directories.

I already have a directory structure I plan on using...

/srv/www/foo.com/{public,logs,private}

Now, can someone please help me out with setting up permissions, ownership and groupship (is that a word?) correctly?

Should I add my user to www-data? Is there a better way to do this?

i admit I've having the same issue (well in terms of setting it up so its secure)... but I think the problem is that theres no concrete answer to it. I mean there are so many variables involved (whether you want ftp access, whether you're using fastcgi and need suexec, etc etc).

I think the easiest solution is switching to the apache2-mpm-itk module, it was designed primarily for a multi-user/site host. However, it doesn't work for me because its based on the mpm-prefork module and I've gotten sucked into mpm-worker

of course I'd love to hear an answer from one of the more experienced server admins

bump. Anybody?

well I guess I'll follow-up on my end... since I ended up solving it for my server.

I used the same directory structure as you except I have /home/username

I create a user/group for each domain and their home directory contains their public_html, logs, etc. Then I use suexec (which you have to compile yourself: http://www.linode.com/forums/viewtopic.php?t=2982 ) to make sure that apache and all scripts run under the user for that domain. This way that domain owner only has access to his own files/folders and can't do anything else.

If you really don't want to bother with that much work, alternatively, you could just install virtualmin (a control panel like cpanel but free). They automatically do this sort of work for you..

I tried it, but I didn't like the added cpu/ram usage, but besides that it was pretty neat.