Permissions and ownership in /var/www/

[openletter]

I am looking at permissions and ownership in /var/www/ and I'm finding that the defaults in OpenBSD are somewhat non-user friendly as compared to what I used for myself in Linux.

The differences are primarily that:

user:group is root:daemon
Directory permissions are 755
File permissions are 644

These mean that almost anything I want to do must be with root privilege with either doas or root session.

In Linux, I would set ownership so that either my user was the owner or my user was a member of the group (e.g., webdevs) and permissions so that directories were 775 and files were 664. Of course, there are some cases where user or group have to be slightly different, but for the most part I could easily edit most files.

Also, by having my user able to edit most files, the occasional file that can really break things I may set as root so I'm just bit more aware of what I'm editing.

The only reason I can think of to have all permissions requiring root privileges is that if my account is somehow compromised, an attacker could not make edits to public facing files.

So I want to make things more convenient for editing purposes without having to run as root or enter doas 1000+ times consecutively. What might be a good option, and am I missing something here?

[victorvas]

Isn't httpd chroot itself in the /var/www/? What if you create your site in /var/www/sitename and change ownership inside that directory?